A coalition of 360 users and vendors led by the SANS Institute last week launched a new information security skills assessment and certification program for corporate and government software programmers.
The National Secure Programming Skills Assessment (NSPSA) examinations will provide IT managers with a process for assessing the secure coding skills of their internal programmers, said Alan Paller, director of research at Bethesda, Md.-based SANS, a provider of security training and certification programs.
The program will also give companies a reliable way to measure the security skills of individuals working for their software vendors and service providers, he said.
“I can definitely see this as being very, very useful,” said Kevin Jarnot, chief technology officer at The Debt Exchange Inc., a Boston-based loan sale adviser for commercial debts.
Unlike certification programs, in which one can cram for a test, an assessment program can provide a better picture “about what your skills really are,” Jarnot said. The SANS program would “greatly help” Debt Exchange assess the security awareness of junior software engineers and force them to write more-secure code, he said.
But such assessments must be topical and relevant, Jarnot warned. “Otherwise, it can give you a false sense of security about your security.”