I agree that multiple choice alone is inadequate to test the true breadth and depth of someone's security knowledge. Having contributed a few questions to the SANS pool, I take issue with Gary's article when it implies that you can pass the GSSP test while clueless.
There is indeed a body of knowledge that is being tested. SANS has been soliciting comments on the document. kr, Yo On 5/11/07, Gary McGraw <[EMAIL PROTECTED]> wrote: > Hi all, > > As readers of the list know, SANS recently announced a certification scheme > for secure programming. Many vendors and consultants jumped on the > bandwagon. I'm not so sure the bandwagon is going anywhere. I explain why > in my latest darkreading column: > > http://www.darkreading.com/document.asp?doc_id=123606 > > What do you think? Can we test someone's software security knowledge with a > multiple choice test? Anybody seen the body of knowledge behind the test? > > gem > > company www.cigital.com > podcast www.cigital.com/silverbullet > blog www.cigital.com/justiceleague > book www.swsec.com > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ > -- Johan Peeters http://johanpeeters.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
