Friday, November 23, 2007

Standardized Security Test for Software Developers

Hi Software developers folks! As announced by the Secure Programming Council, a standardized test is on the anvil to test software developers’ knowledge of secure programming. With such standardized security test, companies can ensure that their developers have a basic knowledge about wrapping security into software applications.

The council is rolling out its "Essential Skills for Secure Programmers Using Java/JavaEE" the first of six standards initiatives. Later, it will add skills tests for C and C++, as well as languages .Net, PHP, and PERL.

The proposed testing will include areas such as data handling, authentication, and session management and access control. The skill testing is designed to not only ask developers whether they know what encryption is but whether they understand the differences between PKI encryption and other forms of encryption, said Ryan Berg, co-founder of Ounce Labs and a member of the Secure Programming Council's Java and JavaEE steering committee. SANS will administer the tests, which are scheduled to begin on December 5 in London and continue for the next eight months in cities through out the United States and Europe.

The tests cost between $50 and $450, for participants ranging from students to employees of large corporations.

Posted by Praveen Panjiar, Blog Evangelist, OutworX Corporation

No comments: