How do you know how good your in-house developers—or even more, your outsourced providers—are at producing secure code? Pretty much, you don’t. Enter the Secure Programming Council, a 40-organization board that’s establishing “essential skills” standards and exams in a variety of programming languages. On Tuesday the council published its list of essential skills for Java/Java EE; beta versions of the certification exam will be given beginning in December. Bank CISOs are rumored to be anxiously awaiting the availability of the test. “I know one financial organization already told its 1200 in-house programmers and 5,000 outsourced that they have until August to pass the test or they won’t be able to touch a line of code for the company,” says Alan Paller, research director at the SANS Institute. “The financial industry is in the lead because they’ve got the most at stake.”
The council is also creating minimum skills standards and exams for C, C++, .NET, PHP