New minimum standard for software development security
The SANS Institute released its first proposed standard for software developers to demonstrate they have the skills and knowledge to write secure software. This standard, combined with a standardized test of the skills covered in the standard, will enable employers to assure themselves that their developers have the necessary knowledge and skills to recognize errors in their own and other people’s code and write code that avoids most common errors.
Even more importantly, it allows large companies that outsource software development to measure how prepared their outsources are to write secure software. This development is extremely important in light of recent evidence that shows that attackers are increasingly targeting custom software to break in to companies and government agencies.