CICRA to certify Secure Software Developers
A move to benchmark Sri Lankan software industry safe against hackers
As Sri Lanka gears to achieve US$ 1 billion worth IT exports by 2016,
CICRA Education has launched a programme to certify Secure Software
Developers to increase their global competitiveness.
|
Boshan
Dayaratne |
"The Sri Lankan Government has announced in its 2013 budget that it
targets to earn US$ 1 billion worth foreign exchange through IT exports
by 2016. This requires showcasing the country's IT industry as a safe
destination for hacker proof software development," CICRA Director/CEO
Boshan Dayaratne said.
"It has come to a situation where we learn about at least a single
hacking incident every day. Thus, the responsibility on software
developers to ensure that applications they make are not vulnerable is
immense. That is why we have to train and certify our software
developers," Dayaratne said.
According to the International Council of Electronic Commerce
Consultants (EC-Council), USA, about 95 percent of software bugs come
from common, well-understood programming mistakes. "Today's developers,
most often don't have the academic discipline of secure software
engineering and software security training and development around what
characteristics would create flaws in the database security programme or
lead to bugs," Dayaratne said, quoting the EC-Council.
"One of the problems is that the educational establishment generally
doesn't teach secure programming at the undergraduate or even graduate
level."
"In that context, we are proud to introduce a training programme that
would demonstrate that the IT industry employees are thorough on
standardized knowledge base for application development, by
incorporating the best practices," Dayaratne said.
"The training would cover pragmatic use of experienced security
expertise in the various domains, when developing applications. The
training would cover the need for application security, creating secure
code, secure coding fundamentals, secure coding technical components,
secure coding assessment tools and application penetration testing."
"Under this training programme, certification of secure software
developers takes place at two levels with those who pass the
certification level could progress to obtain the advanced certification.
These certifications are globally recognized," he said.
"Those who obtain the advanced certification, could also become a
Certified Secure Programmer (ECSP) of the EC-Council, USA."
"This programme is non-vendor specific, thus driving greater
appreciation for the platform/ architecture/ language one specializes on
as well as an overview on related ones," he said.
|