[Owasp-cert] Certification Provider

Christian Wenz chw at hauser-wenz.de
Sun Sep 7 13:10:38 EDT 2008

First impressions: they might decline 1) [and I do not see Kryterion’s site’s security as a marketing issue, since the actual exam is not taken online (unless that’s the option we want to use); of course it would be nice if there was an audit though], and I was wondering why you are excluding North America in 8). Apart from that, the questions look tough but fine ;) 



I am compiling a list of questions that we would like to know about Kryterion that aren't addressed on their web site with the hope of gaining additional insight in the next week or two. Below is a list of questions that I have and I would love to receive questions from others on this list...


1. OWASP as its mission has as a focus the goal of making web application security visible. It could be potentially embarrassing if the testing provider we chose actually had vulnerabilities we evangelize. Would your organization be open to an audit of source code used for testing if the proper NDAs were in place?


2. Our past experience with certifications offered by Prometric uncovered that not all testing centers can administer all tests. Will we experience something similar here? If not, could you explain why?


3. Thomson Prometric periodically offers item writing workshops to college faculty and other non-profits. Do you have a similar offering?


4. What is the liability you hold if the exam information is leaked through a breach?


5. How do you ensure compliance with ADA with respect to physical accessibility of test sites and the provision of accommodations in the taking of the examinations by qualified disabled candidates?


6. Can we assume that your agreement states that you have provisions for mandatory insurance including general liability (at least $1 million in the aggregate and per occurrence), automobile liability (combined single limit of at least $1 million), and workers' compensation as required by law?


7. How are we protected from unreasonable price increases?


8. How often are test centers outside of North America physically reviewed?


9. Do you have capabilities such as capturing a digital signature, collecting digital photo and providing photo on score report?


10. Do you have any form of secret shopper program?


11. What forms of marketing assistance do you provide?


12. Kryterion has fewer testing centers than other providers. How can we tell the difference in selective judgement of Kryterion bringing on new centers vs the centers themselves not joining up due to their inability to generate profit from partnering with Kryterion?


13. Can you send us a copy of a sanitized RFP for another entity where you competed against Prometric and/or Vue?
