Gary, I think this test will miss for other reasons including but not limited 
to:

1. ONLY consultants and vendors have jumped on the bandwagon. Other IT 
professionals such as those who work in large enterprises have no motivation to 
pursue. 

2. The target price for the exams will be an impediment as many folks who can't 
get reimbursed for taking them will not bother. 

3. It needs to be more language agnostic. Folks who code in Smalltalk, Ruby or 
scripting languages should not be treated as second class citizens.

4. I would not measure "experience" but desire to pursue knowledge. Experience 
over time can get static. How many of us know a COBOL programmer who has had 
one year of experience twenty times?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Gary McGraw
Sent: Friday, May 11, 2007 11:18 AM
To: SC-L@securecoding.org
Subject: [SC-L] Darkreading: Secure Coding Certification


Hi all,

As readers of the list know, SANS recently announced a certification scheme for 
secure programming.  Many vendors and consultants jumped on the bandwagon.  I'm 
not so sure the bandwagon is going anywhere.  I explain why in my latest 
darkreading column:

http://www.darkreading.com/document.asp?doc_id=123606

What do you think?  Can we test someone's software security knowledge with a 
multiple choice test?  Anybody seen the body of knowledge behind the test?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

