[Owasp-cert] Pain Points

Christian Wenz chw at hauser-wenz.de
Wed Jul 23 13:45:09 EDT 2008

Some ideas/thoughts:

> 1. What do we envision the biggest pain points to be in executing the vision of OWASP certification?

+ Finalizing a structure for the exam (topic areas, weight of the topic area). 
+ Getting questions of the necessary quality and quantity. In my experience, the former is hard, the latter is even harder.

> 2. Anyone game to figure out the best practice for capturing questions and their answers?

Publish the topic areas and invite contributors to add their own questions. However, define a core team that is responsible for filling the topic areas. The core team also picks and edits contributed questions.

> 3. Sooner or later we need to figure out the process for weeding out the numerous 
> duplicate/redundant/worthless/pointless questions that may arise. Should we have some rules?

Again, this is something for a "core team". Usually there is one person responsible for every subject area who may delete "unworthy" questions. However, which questions actually make it into the exam is something the whole team must decide (usually via a voting mechanism, and we should consider whether someone may veto a question).

> 4. Independently of the integrity of the questions, how will we determine the answers are worded so as to not create 
> serious confusion for exam takers?

This depends a bit on whether we use Prometric/Pearson VUE (they have guidelines and a mandatory reviewing process). A good idea is to create a set of typical questions that serve as a template for all other questions. Also, usually at most 50% of the answers should be correct (if it's more than that, add a "not" to negate the question).

> 5. I am a big believer in attribution and will desire to give a sense of diversity of those who have participated. I
> was thinking about listing first name, last initial, job title and country. Employer would be optional but I suspect
> that most would be suppressed to allow this form of acknowledgement.

Core team should be fully attributed. For question contributors, first name, last initial and country should suffice. Anything more might be tempting to talk about the submitted questions ;)

Any other comments?

Best regards
