Safe Coding

The SANS (SysAdmin, Audit, Network, Security) Institute announces the first secure coding assessment and certification exams for programmers.

Programming professionals can test their secure coding skills, find the gaps, and, if they choose, gain certified status. The examinations each cover a specific programming language suite and are designed to enable reliable measurements of technical proficiency and expertise in identifying and correcting the common programming errors that lead to security vulnerabilities. The exams will be administered in August in Washington DC on a pilot basis, and then will roll out worldwide through the remainder of 2007. The first tests are already available on the Web for the C and Java languages.

Security is surely one of the most neglected areas of the software engineering discipline. The security/access model of a new project is often treated as a last-minute activity after the functional requirements have been defined. Only companies operating in more sensitive industries (banking, for instance) take a more proactive approach to this topic. Now, with the increased openness of the internet world and the wide usage of open source code mainly based on interpreted languages, the possible vulnerabilities of applications have increased. Identifying possible security threats and applying programming best practices to prevent common coding mistakes is a goal that every internet programmer should have.