ISC(2), which sponsors the CISSP, co-developed with NSA a CISSP Concentration called the ISSEP - Information Systems Security Engineering Professional. The focus is really on the National Security Agency's way of doing systems security engineering, as reflected in the SSE-CMM methodology, and in the DITSCAP and DIACAP certification processes. If you do work with the Intelligence Community, it may be worth considering. For more info:
https://www.isc2.org/cgi-bin/content.cgi?category=3D523 In the commercial space, an organization called the EC-Council (EC for "e-commerce" not "European Community") is now offering two security certifications specifically for software developers: EC-Council Certified Secure Programmer (ECSP) and Certified Secure Application Developer (CSAD). I know nothing about the EC-Council, or how much value or recognition these two certifications have or will get in future, but it is interesting that someone has FINALLY come up with certifications specifically addressing Software Assurance. For more info, check out: http://www.eccouncil.org/ecsp/ -- Karen Mercedes Goertzel, CISSP Booz Allen Hamilton 703-902-6981 [EMAIL PROTECTED]
