On Mon, 14 May 2007, McGovern, James F (HTSC, IT) wrote: > 1. ONLY consultants and vendors have jumped on the bandwagon. Other IT > professionals such as those who work in large enterprises have no > motivation to pursue.
"Only" vendors have jumped on the bandwagon? The software developers are the ones we WANT jumping on the bandwagon. But it's not just those two. The initial announcement of these exams featured representatives from several large US government organizations who said "they need this." Other major US organizations need this and want this, but they aren't saying so publicly. SANS did a survey of over 300 organizations that included a lot of software consumers. > 3. It needs to be more language agnostic. Folks who code in Smalltalk, > Ruby or scripting languages should not be treated as second class > citizens The current tests are designed to handle specific skills in specific, prominent languages. Other tests might come out as a result of demand. > 4. I would not measure "experience" but desire to pursue knowledge. This would be great, but I'm not sure how you could actually test it. - Steve _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
