ITPRO

Printed from www.itpro.co.uk


    New software certification to stem vulnerabilities

Security education group looks at new certification which will make sure software developers are doing the right things to keep out the bugs.

By Asavin Wattanajantra, 25 Sep 2008 at 12:40

Non-profit information security group ISC2 has announced a new certification programme validating secure software development to prevent security vulnerabilities, supported by vendors such as Microsoft, Symantec and Cisco.

ISC2 is hoping the Certified Secure Software Lifecycle Professional (CSSLP) will cut the number of security vulnerabilities springing up due to software not being developed properly.

To do this, the certification aims to ensure best practices and also make sure that the individuals working on the software are capable of addressing any security issues that they encounter.

The group said that this will apply to anybody involved in working through the software lifecycle. This would include developers, software engineers, project managers, testers and programmers.

ISC2 quoted Gartner research which said 70 per cent of security vulnerabilities occurred at the application layer, claiming that it was a significant and immediate threat.

It was claimed that new applications lacking basic security controls were developed every day, with thousands of vulnerabilities ignored because developers did not have to deal with them.

“Unsecured software is not only a danger to the enterprise, it can cause higher production costs and delays for the software developer, and require additional staff for the end-user as well,” said John Colley, ISC2 managing director for EMEA.

He claimed that the new certification would be key in offering better critical infrastructure protection, a reduced risk of software malpractice suits and stricter adherence to industry and government regulations.

Companies such as Cisco, Microsoft, SANS, Symantec and Xerox expressed their support for the scheme.

“Microsoft strongly supports industry efforts to train and certify developers in security, especially those in organisations with limited resources,” said Steven B. Lipner, senior director of security engineering strategy at Microsoft.

“Along with executive commitment, tooling and state-of-the-art processes, certification and training are critical parts of secure development.”
