New test certifies secure code writing skills for programmers

A coalition of major technology users and vendors has announced the first skills assessment and certification examinations for programming professionals to test their secure coding skills.

By Control Engineering Staff April 19, 2007

Washington , DC —A coalition of major technology users and vendors has announced the first skills assessment and certification examinations for programming professionals to test their secure coding skills. The test helps programmers find gaps in their code, and provides an avenue to gain GIAC Secure Software Programmer (GSSP) status. The four examinations each cover a specific programming language suite, including C/C++; Java/J2EE; Perl/PHP; and .NET/ASP. Exam questions are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities. The exams will be administered in August in Washington, DC, on a pilot basis, and then will roll out worldwide through the remainder of 2007.

The SANS Institute organized the supporting coalition and has been instrumental in advancing the program. “Organized crime groups have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications, raising the value of secure coding skills. This assessment and certification program will help programmers learn what they don’t know, and help organizations identify programmers who have solid security skills,” says Alan Paller, director of research at the SANS Institute. “With the right skills, programmers can reduce the risk of losses caused by cyber attacks, and the certification will allow security-aware programmers to stand out in an increasingly competitive marketplace.”

Cyber security issues have moved beyond traditional IT areas. Industrial network infrastructure in general and even individual plant control systems have been under increasing attack from criminal elements and terrorists.

The four secure programming examinations provide a focused approach for programming professionals who want to identify weaknesses in their secure coding skills and knowledge. They also allow companies that employ those programmers to differentiate their organizations and help increase their competitive advantage by featuring professionals who have successfully demonstrated their technical secure programming skills through certification.

“As a participant in the development stages of the GIAC Secure Software Programmer certification, we are confident this certification will not only strengthen Siemens’ customer offerings but also strengthen the software development industry as a whole,” said John Fichtner, head of Siemens computer emergency response team. “We look forward to continuing to work closely with SANS to enhance and grow the certification.”

— Peter Welander, process industries editor Control Engineering Daily News Desk