[Owasp-cert] Private Note on Security

Christian Wenz chw at hauser-wenz.de
Mon Jul 28 15:50:57 EDT 2008

Very interesting note, thanks for sharing. I obviously agree with 1) – see my previous posting. 2) is very interesting, I wasn’t aware of those statistics. That’s definitely something to watch out for. On the other hand I think that web application security and OWASP are more “mainstream” and target a wider audience than CISSP. One of the main goals of OWASP is that best practices for secure (web) coding and planning should be promoted, which appeals to a lot of people, who in turn are targets for certification. Are there any numbers for more web-related certifications, like Microsoft’s ASP.NET Web Developer exam, or Zend PHP, or … ?


Best regards




I got a private note that I figured I would share the essence of. These do not necessarily represent my own opinions.

1. There is a belief that having chapter leads participate in certification may actually weaken the security of the exam as there is no requirement to even become a chapter leader other than interest. One may not have a security background and could even have less than desirable backgrounds. So, anything other than a few trusted individuals who proctor at every location and/or Prometric is encouraged.

2. Another belief is that statistics show that security certifications such as CISSP, CEH, etc. are primarily taken by those in North America and, out of this demographic, half of the takers are employed by the Federal Government in some capacity. The Federal Government will only reimburse for exams that follow ISO 17024. Ignoring statistics for philosophy may cause you to lose half the potential demographic.

3. The discussion is enlightening in that the economics of certification are not well known in the community at large and anything that helps others understand is beneficial. However, the belief is that this should have a time limit.
