[Owasp-cert] Deadlines for August

Matthew Chalmers matthew.chalmers at owasp.org
Fri Jul 25 18:11:36 EDT 2008

A few different points have come up in this thread. My personal opinion is
we should decide what's right for the cert's content and format/delivery
without regard to any artificial limitations possibly imposed by available
technologies, vendors, traditional or popular test providers, etc. That is,
we should be discussing whether, for example, we feel our cert exam should
be based on answering questions or performing tasks or both or something
else, rather than should it be administered by Vendor X or Vendor Y or
Ourselves. Those decisions come later.

I agree with David H., I've taken many multiple choice tests and I don't
feel any of them adequately assessed my knowledge/skill/experience, whether
I passed them or not. I don't necessarily have anything against any
particular test administration vendor but I will have trouble putting my
full support behind a new cert exam that is purely multiple choice
questions. I don't think that arbitrary requirements to take a multiple
choice exam make the situation any better, either, like requiring X years
work experience, a degree, a letter of recommendation, agreeing to a code of
ethics, etc. We also don't really want to be in the business of checking up
on background items like that for veracity, or paying a third party to do
it, most likely (although for some items there may simple/cheap ways to get
reasonable assurance and I'm not discounting these factors entirely).

I just don't want us to get ahead of ourselves or rush into anything. Since
we're pretty much all volunteers and we're trying to hash this out by email
we shouldn't expect this whole cert thing to happen overnight.


On Thu, Jul 24, 2008 at 5:36 PM, <james at architectbook.com> wrote:

> Would it meet your needs if we used Prometric but also required <<signoff>>
> from their local OWASP chapter lead and/or other observable qualities such
> as presenting at conferences, frequent attendance, etc?
>  -------- Original Message --------
> Subject: Re: [Owasp-cert] Deadlines for August
> From: "David H." <dmalloc at users.sourceforge.net>
> Date: Thu, July 24, 2008 12:37 pm
> To: owasp-cert at lists.owasp.org
> I would not support anything that is Prometric or pearson or anything
> which is built purely on a multiple choice model.
> This might work for some parts of the exam, but it does not work for
> behaviour modeling and behaviour type questions to assess whether
> somone has the right mindset for a security professional.
> -d
> _______________________________________________
> Owasp-cert mailing list
> Owasp-cert at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-cert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cert/attachments/20080725/1bb4e09f/attachment.html 

More information about the Owasp-cert mailing list