Secure Programming Exams Launched

An anonymous reader writes "The SANS Software Security Institute, in conjunction with organizations such as Siemens, Symantec, Juniper, OWASP, and Virginia Tech, has announced a program for testing whether programmers know how to write secure code. The Secure Programming Skills Assessment is split into separate language families (C/C++, Java/J2EE, Perl/PHP, and ASP/.NET). Director of research Alan Paller says 'This assessment and certification program will help programmers learn what they don't know, and help organizations identify programmers who have solid security skills.' The pilot exam will be held in Washington DC in August, followed by a global rollout."

Re:If only

[ciaohound]

It is a management problem, absolutely. But it is also a matter of having seasoned lead developers. A project or program manager per se may not have the technical background to make sure the schedule includes security testing, but his lead developer can explain why it needs to be there.