The recent spate of hacking attacks has left Sri Lanka aware of how painfully vulnerable our data is. When a hacker can just infiltrate the top-level domain of a country (like nic.lk), you know how serious it’s gotten.
CICRA is making efforts to improve the overall security of the software industry at large. According to the International Council of Electronic Commerce Consultants, about 95 percent of software bugs come from common, well-understood programming mistakes. Hackers don’t necessarily brute-force their way into systems: they exploit bugs like these to gain access. To that end, CICRA recently launched a program to certify software developers in terms of global security – a certification that proves that the programmer holding it is aware of these mistakes and can write code competently enough to keep all but the most well-equipped hackers at bay.
“The Sri Lankan government has announced in the 2013 budget that it targets to earn US$ 1 billion worth of foreign exchange through IT exports by 2016. This requires showcasing the country’s IT industry as a safe destination for hacker-proof software development,” stated Boshan Dayaratne, CEO of CICRA, to the Sunday Times.
“It has come to a situation that we learn about at least a single hacking incident every day. Thus, the responsibility on software developers to ensure that the applications they make are not vulnerable is immense. That is why we have to train and certify our software developers.”
Indeed, Sri Lanka’s software skills come under question when even the country’s critical data can be breached on a daily basis. CICRA’s certification is a step in the right direction. While we don’t know the exact syllabus, it is stated that the Secure Software Developer certification, as it is called, includes a lengthy training period on avoiding such mistakes and exploits before the actual certification itself. Those who obtain this certification can also move on to become a Secure Certified Programmer (ECSP) of the EC-Council itself – an international security qualification. It won’t be the be-all and end-all of programming. No system is 100% secure. But half a loaf of bread, as they say, is better than nothing at all.