Computerworld US reported on this new initiative the other day:
Are your software programmers coding securely?
How do you criticise a program that tries to address what we see as one of the biggest issues in our field... but do we really need another certification?
Don’t get me wrong, developers will learn from this (if they engage), but let’s hope organisations don’t get a false sense of security, so to speak, and continue to neglect important aspects of the SDLC that so lack security consideration/input today. Passing a few exams does not make one a specialist.
On a more positive note, we are seeing a growth in awareness in this field so any steps like this are positive.
