(ISC)2 Announces CSSLP Developer Certification

(ISC)² has announced a certification for application development security called Certified Secure Software Lifecycle Professional (CSSLP).  According to their site, CSSLP seminars will be offered beginning "early 2009" and exams will start June 2009.  There will also be an "experience assessment window" starting September 30th in which candidates may submit "Accomplishment Records" for review - accepted qualified applications will get the $650 USD exam fee waived skip the exam for a $650 fee.  Similar to the CISSP, the CSSLP requires four years of experience in four or more of the topic areas listed below, endorsement from a current (ISC)² certified individual, and a commitment to the (ISC)² Code of Ethics.

(ISC)² has announced a certification for application development security called Certified Secure Software Lifecycle Professional (CSSLP).  According to their site, CSSLP seminars will be offered beginning "early 2009" and exams will start June 2009.  There will also be an "experience assessment window" starting September 30th in which candidates may submit "Accomplishment Records" for review - accepted qualified applications will get the $650 USD exam fee waived skip the exam for a $650 fee.  Similar to the CISSP, the CSSLP requires four years of experience in four or more of the topic areas listed below, endorsement from a current (ISC)² certified individual, and a commitment to the (ISC)² Code of Ethics.

According to their site, the CSSLP Common Body of Knowledge (CBK) will be comprised of 7 domains:

• Secure Software Concepts
• Secure Software Requirements
• Secure Software Design
• Secure Software Implementation/Coding
• Secure Software Testing
• Software Acceptance
• Software Deployment, Operations, Maintenance and Disposal

Open Web Application Security Project (OWASP) is also working on an OWASP Certification Project that is due to be delivered "Q4 2008".  It will be interesting to see how these certifications compare.