(ISC)2 aims to fill software security gap

Information security body (ISC)2 has moved to fill what it sees as a gap in managing software risks, with an effort to improve skills in supply chain and software acquisition.

It has added a new domain to the Certified Secure Software Lifecycle Professional (CSSLP) credential exam, to ensure candidates know the security measures to take when acquiring software.

Candidates have to show an understanding of supplier risk assessment, supplier sourcing, software development and testing, software delivery, operations and maintenance, and supplier transitioning. The last of these covers issues such as data exports, contracts and disclosure.

W Hord Tipton, Executive Director of (ISC)2, said its data shows a big increase in the frequency of software acquisition and outsourcing, and that the new domain in the certification exam should help security professionals to make their supply chains more secure.

(ISC)2 is a global not-for-profit membership body of approximately 87,000 information security professionals. In February it warned that there is a shortage of people with the relevant skills.