Tech firms hook up on security qualification

The Sans Institute has brought together a coalition of technology companies to support a new qualification in computer security programming.

The GIAC Secure Software Programmer qualification will include four exams covering C/C++, Java/J2EE, Perl/PHP and .NET/ASP, and will be taught in universities and colleges around the world by the end of the year.

"Organised crime groups have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications, raising the value of secure coding skills," said Alan Paller, director of research at the Sans Institute.

"This assessment and certification programme will help programmers learn what they don't know, and help organisations identify programmers who have solid security skills."

Paller believes that with the right skills, programmers can reduce the risk of losses caused by cyber-attacks, and that the certification will allow security-aware programmers to stand out in an increasingly competitive marketplace.

Any programmer can sit the exams, which will be held three times a year. Versions will also be available online.

"The lack of trustworthy standards and certifications has been a challenge for software buyers and software developers," said Hartmut Raffler, head of Technology Division Information and Communication at Siemens Corporate Technology.

"Secure programming skills are essential for building software that can be trusted. The Sans Institute's willingness to offer this exam as part of a comprehensive secure coding improvement strategy is exciting and will help buyers and sellers of software."

Juniper, Siemens, Tata, Tipping Point and a host of vulnerability agencies have joined the scheme and are recognising the qualification, including the top five code testing companies.

A pilot scheme will be started in Washington this year, and the examination is expected to roll out worldwide by the end of the year.