CICRA to certify secure software developers
As Sri Lanka gears to achieve US$ 1 billion worth IT exports by 2016, CICRA Education has launched a programme to certify secure software developers to increase their global competitiveness.
“The Sri Lankan government has announced in the 2013 Budget that it targets to earn US$ 1 billion worth foreign exchange through IT exports by 2016. This requires showcasing the country’s IT industry as a safe destination for hacker proof software development,” CICRA Director/CEO Boshan Dayaratne said.
“It has come to a situation that we learn about at least a single hacking incident every day. Thus, responsibility on software developers to ensure that the applications they make are not vulnerable is immense. That is why we have to train and certify our software developers,” Dayaratne said.
According to the International Council of Electronic Commerce Consultants (EC-Council), USA, about 95 percent of software bugs come from common, well-understood programming mistakes.
“Today’s developers, most often don’t have the academic discipline of secure software engineering and software security training and development around what characteristics would create flaws in the database security programme or lead to bugs,” Dayaratne said, quoting the EC-Council.
“One of the problems is that the educational establishment generally doesn’t teach secure programming at the undergraduate or even graduate level.”
“In that context, we are proud to introduce a training programme that will demonstrate that the IT industry employees are thorough on standardized knowledge base for application development by incorporating the best practices,” Dayaratne said.
“The training will cover pragmatic use of experienced security expertise in the various domains when developing applications. The training will cover the need for application security, creating secure code, secure coding fundamentals, secure coding technical components, secure coding assessment tools and application penetration testing.”
“Under this training programme, certification of secure software developers takes place in two levels with those who pass the certification level can progress to obtain the advanced certification. These certifications are globally recognized,” he said.
“Those who obtain the advanced certification can also become a Certified Secure Programmer (ECSP) of the EC-Council, USA.”
“This programme is non-vendor specific, thus driving greater appreciation for the platform/ architecture/language one specializes on as well as an overview on related ones,” he said.