SANS Institute launched the Software Security Institute, a certification program designed to help assess software developers' ability to write secure code. The certification is intended to inform software developers about the tactics intruders use to discover and exploit vulnerabilities and help developers avoid unwittingly writing these vulnerabilities into applications and system services.
"Programmers don't wake up one morning and think of SQL injection or cross-site request forgery on their own. Yet you can't secure applications without understanding these attacks and others like them," said Jeff Williams, the chairman of Open Web Application Security Project (OWASP).
The institute will begin offering the program with a pilot test slated to be held in Washington, D.C. this summer, and then will roll out the program elsewhere later this year. Anyone can take the exams, and SANS will also offer exams that can be used by companies to assess current employees and employee candidates. SANS currently offers practice tests online that anyone can take at their leisure. The currently available language tests include C, C++, Java, and Java 2 Enterprise Edition (J2EE), with tests for Microsoft .NET, Active Server Pages (ASP), PHP, and Perl to be made available soon.