Secure Software Programmer Exams

Published Thu, 2007-08-16 13:18 Software

The SANS Institute has announced the launch of the first GIAC Secure Software Programmer (GSSP) exams. The inaugural exams covering C and Java/Java EE will be held August 14, 2007, in Washington, D.C.

SANS is leading a consortium of major companies, including Siemens, Boeing, Intel, ABN AMRO, Tata Consultancy, Juniper and Deloitte & Touche in developing assessment exams and certifications in the application security arena to help enterprises reduce the endless streams of software vulnerabilities caused by programmers who are not yet skilled in secure coding.

Several initiatives are underway to improve secure programming skills and knowledge. Symantec, Oracle, Microsoft, and a few other software companies are conducting short courses for their programmers; software firms like SPI Dynamics, Ounce Labs, Watchfire and Fortify Technology are working with universities to provide automated, real-time feedback to student programmers; and dozens of universities are creating elective courses on secure programming. Yet, even if all of those initiatives are successful, they are unlikely to measurably affect the existing 1.5 million programmers already in the work force or those who will be entering the work force over the next five years.

"The lack of trustworthy standards and certifications has been a challenge for software buyers and software developers,” said Hartmut Raffler, head of Technology Division Information and Communication at Siemens Corporate Technology. "Secure programming skills are essential for building software that can be trusted. SANS’ willingness to offer this exam as part of a comprehensive secure coding improvement strategy is exciting and will help both buyers and sellers of software."

Visit http://www.sans.org/info/10506 for more information on the C and Java certifications and exams coming up in August. Sample tests and a complete description of the Secure Coding Initiative can be found at http://www.sans-ssi.org. The site also includes exam blueprints, future exam dates, and other reference materials.

Post new comment

* Internet
* Software
* Linux
* Computers/Servers
* Memory
* RFID
* Video Cards
* NanoTechnology
* Mobile

* Space
* Military
* Energy
* Spam
* Corporate Finance
* Acquisitions and Mergers
* CPU
* Embedded
* Automotive Tech

Motama Releases Multimedia Software, Free Motama releases new downloadable version of its software technology for all major operating systems: Windows, Linux, and Mac OS X Motama's key technology provides a ground-breaking new software solution - called Network-Integrated Multimedia Middleware (NMM) - which allows for developing distributed and networked multimedia applications easily. For the first time, Motama now offers a greatly improved and extended version of its NMM technology as free download from the company's homepage at http://www.motama.com/nmm.html. The software is available for all major operating systems, most importantly for Windows XP and Vista, Mac OS X, Linux, and even for Linux running on the Playstation 3. An additionally provided Software Developer Kit (SDK) together with comprehensive documentation allows software developers to get started quickly and easily with developing applications or plug-ins on top of NMM.
OpenJDK Community Technology Compatibility Kit Sun Microsystems, Inc. has made the OpenJDK Community Technology Compatibility Kit (TCK) License available. This license is for the Java Compatibility Kit (JCK). The JCK is the Technology Compatibility Kit, a suite of tests, tools and documentation that determines whether or not an implementation complies with the Java Platform Standard Edition 6 specification. The evolving OpenJDK community understands that the value of their efforts, as well as the resulting open source Java technology implementations, will be greatly enhanced if these implementations can be certified as compatible.
Microsoft, Xandros and Scalix Microsoft Corp. and Xandros announced a messaging protocol license and collaboration agreement that will enhance the interoperability of Scalix e-mail servers with various mobile and personal computer-based e-mail applications that utilize Microsoft® e-mail protocols. This agreement expands on the ongoing Microsoft-Xandros collaboration.
Light-Weight Profiling (LWP) AMD (NYSE: AMD) today made available a new specification describing “Light-Weight Profiling” (LWP), a technology designed to increase the performance of software applications by providing a mechanism that allows software to more effectively leverage the benefits of multi-core processing. The LWP specification describes the first technology that supports a recently introduced initiative called “Hardware Extensions for Software Parallelism,” which will encompass a broad set of innovations designed to improve software parallelism, and thus application performance, through new hardware features in future versions of AMD processors. LWP is a CPU mechanism that could have broad benefit to software including, but not limited to, runtime environments such as Sun Microsystems’ Java Virtual Machine and Microsoft’s .NET Framework.
Certificates of Authenticity Trafficker Sentenced JUSTIN E. HARRISON, 26, of Oxford, Georgia, was sentenced today by United States District Judge Orinda D. Evans on charges of trafficking in illicit certificates of authenticity intended to accompany copyrighted computer software. HARRISON was sentenced to 3 years, 10 months in prison to be followed by 3 years of supervised release, and was ordered to pay a fine of $25,000. HARRISON was convicted of these charges on May 18, 2007.