ISC2 expands studISCope tool to boost software development security

Security certifications organisation ISC2 has expanded its studISCope self-assessment tool to improve the development skills of software professionals, and in so doing address the ever-growing number of software vulnerabilities.

The tool now features a simulation of the ISC2 Certified Secure Software Lifecycle Professional exam. It offers the same look and feel as the real exam, and scores are based on the same algorithm used in the real exam to replicate conditions as authentically as possible, the ISC2 said.

The tool also analyses a user's answers and prepares a tailored study plan which highlights  areas where they perform well and areas where comprehension is still lacking.

"Talk about security is everywhere within the development world, and there is recognition for the need to improve capabilities, but there is still a lot to accomplish," said Bola Rotibi, an analyst with Creative Insight Consulting.

"Moving forward begins with assessment. StudISCope should prove valuable to anyone looking to develop some new, very marketable skills in this sector."

The ISC2 said that the tool could help improve practices among a wide range of stakeholders in the software development lifecycle, including business and technical analysts, developers, software engineers, designers and architects, project managers and software quality assurance testers.

Software vulnerabilities are growing at an unprecedented rate, exposing companies to potential attack as cyber criminals look for ways yo create zero-day exploits.

Last year saw the largest ever number of software vulnerability disclosures, according to the latest IBM X-Force report. Some 8,562 were recorded by the team, up 27 per cent on 2009, almost half accounted for by web vulnerabilities.