As Application Vulnerabilities Persist as Top Threat, Over 1,000 Professionals Demonstrate Secure Software Expertise with (ISC)²®’s CSSLP® Credential


Only Industry Certification that Validates Competency in Incorporating Security into Each Phase of the Software Lifecycle Reaches Major Milestone

(ISC)²® (“ISC-squared”), the world’s largest information security professional body and administrator of the CISSP®, today announced that over 1,000 professionals from 44 countries now hold its Certified Secure Software Lifecycle Professional (CSSLP) certification.

Application vulnerabilities ranked as the number one threat, according to 72 percent of over 10,000 information security professionals who responded to the 2011 (ISC)² Global Information Security Workforce Study (GISWS). The CSSLP is the only code-language neutral certification that validates that professionals are qualified and capable of incorporating security into each phase of the software development lifecycle. This skill set is critical in curbing threats at the application layer – where most attackers are now focusing their efforts in order to steal organizations’ data.

Individuals holding the CSSLP certification are professionals with at least four years of industry experience and a thorough understanding of how to:

  • Break the penetrate-and-patch testing approach;
  • Reduce production costs, vulnerabilities and delivery delays;
  • Reduce loss of revenue and reputation due to a breach resulting from insecure software; and
  • Ensure compliance with government or industry regulations.

Symantec is just one of a number of organizations benefiting from having security professionals on staff who have completed the CSSLP program:

“The CSSLP certification was introduced three years ago to build a qualified workforce of software security professionals that can address the number one threat vector today: application security threats,” said Cassio Goldschmidt, CSSLP, senior manager, product security at Symantec and SAFECode member. “CSSLP certification ensures that our team understands how to include security throughout the development lifecycle, from conception to design, development and maintenance through disposal. Developing secure software is critical to defending against so many of today’s security threats.”

Information security officer at a Fortune 50 company and (ISC)² Application Security Advisory Board member Edmund (E.J.) Jones, CSSLP, CISSP, GIAC-Java, also understands the value of embedding security into the software development lifecycle. “A few years ago, we decided it was more cost effective to move our applications to the cloud. From a security standpoint, we needed to make sure that it was not going to present any new vulnerabilities or weaknesses in our current application infrastructure. By enlisting a team that fully understands the implications of software security in the cloud, we were able to deploy our cloud applications on time and with ease, focusing on the business advantages, not the security liabilities.”

W. Hord Tipton, CISSP-ISSEP, CAP, CISA, (ISC)² executive director, added, “Professionals across the world are lining up to validate their skills in secure software lifecycle development. This is proof of the growing need to overcome application vulnerabilities. The data from our 2011 GISWS shows an industry that is insecure and in need of investment, education and a change of habit. Through the CSSLP, we are preparing everyone involved in the software development lifecycle with an understanding of and appreciation for security fundamentals so that we can eliminate software as attackers’ favorite port of entry.”

The CSSLP, which is accredited under ISO/IEC Standard 17024, aims to stem the proliferation of software vulnerabilities by establishing best practices and validating an individual’s competency in securing the software lifecycle. For more information on the CSSLP, please visit https://www.isc2.org/csslp.

About (ISC)²
(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with over 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at http://www.isc2.org.

# # #

© 2011, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.

Follow (ISC)² on Facebook, Twitter and YouTube.


Contact Author

Michelle Schafer
schafer@merrittgrp.com
7034036377