What is CSSLP Certification?
January 13, 2018
Today, cybersecurity threats are emerging with increasing frequency. In addition to network intrusions, various other types of attacks, such as advanced persistent threats, are launched by malicious parties every day. Software threats and vulnerabilities have grave security implications for individuals as well as organizations. When developing a software application, developers can inadvertently leave loopholes in source code that become secret channels and vulnerabilities for intruders. Earning the CSSLP certification helps ensure that software developers possess the most current knowledge of how to keep their software safe.
What is CSSLP Certification?
The Certified Secure Software Lifecycle Professional (CSSLP) certification is a vendor-neutral credential launched in 2008 by the International Information System Security Certification Consortium, or (ISC)². The CSSLP certification validates that the certified professional has the expertise to incorporate the best security practices, auditing, and authorization into each phase of the Software Development Lifecycle (SDLC). SDLC phases include software design, implementation, testing, and deployment. After earning the CSSLP certification, a software professional will be able to develop a software security program in their organization, reduce production costs, mitigate source code vulnerabilities, and reduce losses from software breaches.
The CSSLP meets the Level I and II IA System Architecture and Engineering requirements of the DoD mandate 8570.01M. Additionally, the CSSLP certification is accredited for the requirements of ANSI/IEC/ISO Standard-17024.
CSSLP’s Job Task Analysis
(ISC)² periodically performs a Job Task Analysis (JTA) to maintain the relevancy of the CSSLP exam. The JTA is a critical and methodical process that scrutinizes the job roles of CSSLP professionals to make sure that CSSLP-certified professionals are meeting the current needs of organizations. Once the JTA has been successfully completed, the acquired information is used to update the CSSLP Common Body of Knowledge (CBK) to ensure it is relevant and appropriate for current software security scenarios.
The CSSLP certification exam is a rigorous exam evaluating potential candidates across eight different domains. The 175-question, multiple-choice exam is administered over a 4-hour period at a Pearson Professional Center. The CSSLP exam questions are developed from the skills and information contained within the CSSLP CBK, with the following weights:
- Secure Software Concepts – 13%
- Secure Software Requirements – 14%
- Secure Software Design – 16%
- Secure Software Implementation/Programming – 16%
- Secure Software Testing – 14%
- Secure Lifecycle Management – 10%
- Software Development, Operations, and Maintenance – 9%
- Supply Chain and Software Acquisition – 8%
In order to become a fully certified CSSLP, (ISC)² requires the candidate to have a minimum of four years of cumulative paid full-time SDLC experience in one or more of the eight domains of the CSSLP credential. A four-year college degree can substitute for one year of experience. If a candidate passes the certification exam but does not possess the required years of experience, they will become an Associate of (ISC)² and have five years to earn the experience, at which time they will become a fully certified CSSLP.
Registering for the Exam
CSSLP candidates will need to perform several steps to book their CSSLP exam.
- Review exam availability by credential
- Visit the Pearson VUE website
- Create a Pearson VUE account and then review the Pearson VUE NDA
- Select an appropriate testing center
- Select a convenient time
- Pay for the exam
- Check the confirmation e-mail that Pearson VUE will send to you. This e-mail includes appointment details, the testing location, and all other relevant instructions.
Benefits Of CSSLP Certification
CSSLP-certified professionals attain several benefits, including:
- Instant credibility: CSSLP certification validates that professionals have expertise in software security. It demonstrates they possess the skills required by employers across the world.
- Increased compensation: Demand for CSSLP-certified professionals has skyrocketed within the software security industry. Certified professionals are now earning higher salaries because of the increased demand.
- Relevant and new knowledge: In addition to certifying their expertise, the CSSLP credential is the best way to expand software security knowledge. Since (ISC)² offers continuing education for its CSSLP exam, certified professionals will be able to keep their knowledge and skills relevant and current through (ISC)²-offered courses.
- Versatile skills: Since CSSLP is not product-specific, certified professionals will be able to apply their knowledge and skills to different methodologies and technologies.
- Better protect the organization: CSSLP professionals can better protect their organization by making its software products safer. Moreover, the CSSLP professional can protect confidential and sensitive data from internal and external cybersecurity threats.
CSSLP Certification Renewal
Once you successfully attain your CSSLP certification, you will become a member of (ISC)². However, maintaining your certification is a prerequisite to jobs and opportunities in the software security industry. To renew your certification, you need to follow some procedures, which include:
- Complying with the (ISC)² Code of Ethics
- Earning and posting Continuing Professional Education (CPE) credits
- Paying the Annual Maintenance Fee (AMF)