(ISC)2 certification counts – how many CSSLP are out there?

(ISC)2 maintains this page https://www.isc2.org/member-counts.aspx# with the counts of all certifications per country. I wrote before about this here https://www.sorinmustaca.com/how-many-certified-secure-software-lifecycle-professionals-are-out-there/, but this was back in 2013 (1.5 years after I became certified)!

Some statistics:

As of September 25 2013: 1168 CSSLP
– Romania: 1
– Germany: 19

As of May 23 2022: 3008 CSSLP
– Romania: 6
– Germany: 48
– Mexico: 8

If these numbers appear big… look at the count of CISSP (without specializations): 152.623 as of today. So, yes, you can see how hard it is to get this certification.

This year I celebrate 10 years of being a CSSLP!

Nice present from (ISC)2 – CSSLP renewal for 3 years

Six years ago I was writing here about getting my “Certified Secure Software Lifecycle Professional” certification: http://www.sorinmustaca.com/finally-officially-csslp-certified/ Two certification cycles later, meaning 6 years, I received an updated diploma and some goodies: And inside, the new diploma, the card and a pin.

More insecure software around car (in)security

As I mentioned already, anything that runs software has to abide by secure coding principles. Cars run more software than many other devices around us. And they run special software… which needs to be taken care of by other special software. And when that software is vulnerable, then you’re in trouble!

Now some researchers have demonstrated this by exploiting a zero-day vulnerability found in car mechanics software used to debug and fix cars sold by the Volkswagen Group. This software is built and sold by third parties, not Volkswagen. This is not new; I already wrote an article about this: As expected: the USB Stick-like infection from PCs goes to automotive as well!

The researchers said they only experimented with the exploit on an Audi TT model, but other car makes and models may be vulnerable as well, at least in theory. The attack leverages poor PC security measures, not the actual car software (source: Softpedia). The attack, as described by the three scientists, relies on infecting a car dealership’s computers with malware which leverages this vulnerability in the car computer debug tools used by mechanics. When this tool is connected to an Audi TT to perform routine maintenance checks or fixes, the malware…

Finally, officially CSSLP certified

(ISC)2 requires that a candidate meets some requirements before he/she receives the right to call himself/herself (ISC)2 certified.

Receiving the (ISC)² credential is a several-step process:
– Required Experience – possessing the required number of years for the appropriate credential
– Study – taking advantage of the educational materials (ISC)² makes available for you to review and refresh your knowledge before taking the credential examination
– Application – validating your education and/or experience
– Examination – sitting and passing the appropriate exam
– Code of Ethics – committing to and abiding by principles and guidelines set forth by (ISC)²
– Endorsement Process – attesting to your eligibility requirements

After that you get:

Maintaining your membership requires the following:
– Remain in Good Standing – to remain in good standing as a member of (ISC)², a credential holder must abide by the (ISC)² Code of Ethics
– Earn Continuing Professional Education Credits (CPEs) – credential holders must earn the minimum number of Continuing Professional Education credits (CPEs) annually during each year of the three-year certification cycle. Although members may earn more than the minimum number of CPE credits required for credential maintenance for the three-year cycle, they are still required to earn and submit the minimum annual number to maintain their certification in “good standing.”
– Pay…

Certified Secure Software Lifecycle Professional exam passed

So, it is over… I finally managed to be able to take the exam and I passed it. Let’s see how I did it:

Study materials
– Official (ISC)2 Guide to the CSSLP (ISC2 Press) by Mano Paul (about 500 useful pages)
– The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional by Ronald L. Krutz and Alexander J. Fry, from John (about 600 useful pages)

I bought both of them only because the second has tests. But I was disappointed because the same tests are in the book in printed form. Of course, with answers. And of a questionable quality. But, nevertheless, better than nothing.

Which one is better? I don’t know… none of them would make a difference in passing the exam if you don’t have what it takes: min. 4 years of experience in software development. The two books mentioned covered the chapters in two different ways:
– the first one is more like a story about the topics required by the exam
– the second one is very technical and descriptive. It is like a conclusion of the first one.

Study time
With interruptions, I started in December 2011 and I studied about 3-4 times per week (incl. weekend) in the…


I am becoming more and more interested in the (ISC)2 certification called CSSLP: Certified Secure Software Lifecycle Professional. They have a whitepaper for this certification called “Code (In)Security” written by Mano Paul. I am not allowed to publish the direct link because they request registration before giving the link to the whitepaper. In order to register (free), go to this link: http://www.isc2.org/wpv

There is something interesting in this whitepaper: the acronym I.N.S.E.C.U.R.E:
– I – Injectable code
– N – Non-repudiation mechanisms not present
– S – Spoofable code
– E – Exceptions and errors not properly handled
– C – Cryptographically weak code
– U – Unsafe/unsecure functions and routines in code
– R – Reversible code
– E – Elevated privileges required to run

I can’t copy-paste what each of these means, but please do read the paper 😉