The CSSLP aims to stem the proliferation of security vulnerabilities resulting from insufficient development processes by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle (SLC). Code-language neutral, it will be applicable to those involved in the SLC, including analysts, developers, software engineers, software architects, project managers, software quality assurance testers and programmers.
To be eligible for the certification, CSSLP candidates must demonstrate four years of professional experience in the SLC process or three years of experience and a bachelor’s degree (or regional equivalent) in an IT discipline.
It covers seven domains:
* Secure Software Concepts - security implications in software development
* Secure Software Requirements - capturing security requirements
* Secure Software Design - translating security requirements into application
* Secure Software Implementation/Coding - unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
* Secure Software Testing - integrated QA testing for security functionality
* Software Acceptance - security implications in the software acceptance phase
* Software Deployment, Operations, Maintenance and Disposal - security issues around steady state operations and management of software
The first open exams will be offered beginning June 30, 2009.
For more information on the CSSLP, you can visit www.isc2.org/csslp
Visit our CSSLP forums at: http://www.cccure.org/forum-c19.html