[EMAIL PROTECTED] writes: > certifications such as CISSP whereby the exams that > prove you are a security professional talk all about > physical security and network security but really don't > address software development in any meaningful way.
Perhaps what is needed is a separate certification. It would be nice to know that someone knows how to write software in a secure manner, but it's not necessary that they know all about physical security, firewall rules, etc. It could even be done at multiple levels, like Sun's Java certs, to certify knowledge of secure design principles vs. secure *implementation* principles, maybe even going onward to principles of building security into the process. Something like, say, Certified Secure Programmer, Coder, and Software Engineer, respectively. > Would be intriguing for folks here that blog to discuss ways ...in their blogs? <rant size="micro">That's not discussion, that's pontificating. It also detracts from discussion, by fracturing it.</rant> Discussion is what we're having *here*, so whether someone blogs is irrelevant. -Dave _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________