U.S. Department of Homeland Security

Software Assurance

Workforce Education & Training Working Group

Workforce Credentials

Several organizations offer credential programs related to software assurance. The following table provides information on some training and certification opportunities.

| Certification Authority | SwA Relevant Certificates | Resources |
|---|---|---|
| EC-Council | EC-Council Certified Secure Programmer (ECSP) (Technologies Covered: C/C++, Java, .Net, PHP, SQL) | http://www.eccouncil.org/ |
| | Certified Secure Application Developer (CSAD) | |
| | Certified Ethical Hacker (CEH) | |
| | Licensed Penetration Tester (LPT) | |
| GIAC - Global Information Assurance Certification | GIAC Secure Software Programmer - .NET (GSSP-NET) | http://www.giac.org/certifications/ |
| | GIAC Secure Software Programmer - Java (GSSP-JAVA) | |
| | GIAC Web Application Penetration Tester (GWAPT) | |
| | GIAC Certified Penetration Tester (GPEN) | |
| IEEE Computer Society | Certified Software Development Professional (CSDP) | http://www.computer.org/portal/web/certification |
| | Certified Software Development Associate (CSDA) | |
| ISC2 | CSSLP - Certified Secure Software Lifecycle Professional | http://www.isc2.org/csslp-certification.aspx |

Licensing and Certification

The following reference papers are related to licensing and certification.

“Issues in Licensing and Certification of Software Engineers,” Tenth Conference on Software Engineering Education and Training, IEEE Computer Society Press, April 1997
This article is available for download to IEEE Computer Society subscribers. Non-subscribers may purchase it. Go to IEEE Computer Society’s website to download or purchase.

Abstract:
The issues associated with licensing and certification of software engineers are difficult. At present, there is no agreed-to body of knowledge on which to base certification. Some state legislatures are attempting to regulate the practice of software engineering without adequate understanding of the field. As a result of safety-critical software disasters, some professionals believe that licensing or certification is inevitable, so the software community had better figure out how to do it before someone else does it for them. In this paper, we survey the state of the practice of licensing and certification in other professions, identify the issues that might be encountered in attempting to license and certify software engineers, and suggest possible actions that could be taken by the profession. We discuss the implications of licensing or certification for education.

 

“Are We Going to Fish or Cut Bait? Licensing and Certification of Software Professionals,” Cutter IT Journal, May 1998, Vol. 11, No. 5, pp. 4-8.
This article is available for download to Cutter Consortium Resource Center clients. Go to the Cutter Consortium Resource Center website to download or purchase.

Abstract:
In his "Risks" column in Software Engineering Notes [8], Peter Neumann recites an ever-increasing litany of visible, embarrassing software problems that are causing financial loss, injury, and even death. In our litigious culture, it is amazing that there have not been more lawsuits on account of bad software. Why is this? Probably because the average user has been conditioned by the disclaimers that come on packaged software. The average user thinks that it is OK for software to fail or not work as advertised. We can liken this to the automobile industry in the days before Ralph Nader raised our consciousness. Who ever heard of a recall on an automobile back in the 1950s? We took it for granted that sometimes cars didn't work the way they were supposed to, and sometimes people died as a result. It never occurred to us to hold the automotive industry responsible. We were more interested in the new features, speed, and paint color than in safety.

“Current Accreditation, Certification, and Licensure Activities Related to Software Engineering,” Annals of Software Engineering, Vol. 6, 1998, pp. 167-180.
This article can be downloaded here.

Abstract:
The issues associated with the accreditation, certification, and licensure of software engineers are, or at least should be, of great concern to the software engineering community. Perhaps as a result of publicity about safety-critical software disasters in the news media, some state legislatures have considered regulating the practice of software engineering, and some professionals believe that accreditation, certification, and licensure are inevitable. Yet there is no agreed-upon body of knowledge for software engineering on which to base accreditation, certification, or licensure, which makes implementing them difficult at best. In addition, it is not clear that these processes and possible mechanisms to support them are well understood within the software engineering community. This paper surveys how these three processes are conducted in other professions, summarizes the processes as they currently exist for computing in general, identifies some issues that are involved in implementing the processes for software engineering, and suggests possible actions that can be taken by the software engineering profession. The implications of accreditation, certification, and licensure for education are also discussed.