What is Certified Secure Software Lifecycle Professional?
Launched in 2008, CSSLP is designed for software development and security professionals involved in the SDLC. The certification's curriculum focuses on application vulnerabilities, risk and compliance issues that arise during the application development lifecycle. It is broken out into the following eight domains:
- Secure Software Concepts.
- Secure Software Lifecycle Management.
- Secure Software Requirements.
- Secure Software Architecture and Design.
- Secure Software Implementation.
- Secure Software Testing.
- Secure Software Deployment, Operations, Maintenance.
- Secure Software Supply Chain.
CSSLP is intended to help candidates validate their expertise in application security, better handle application vulnerabilities and demonstrate a working knowledge of application security.
To be considered for the CSSLP certification, candidates must have at least four years of cumulative, paid, full-time work experience in at least one of the eight CSSLP domains. Candidates can substitute a year of this work experience with a four-year college degree in a related field.
Candidates interested in taking the CSSLP exam who lack the work experience can become an Associate of ISC2. Once they have enough work experience, they can submit an endorsement application to gain certification.
The CSSLP exam is three hours long and consists of 125 multiple-choice questions. Candidates must achieve a minimum of 700 out of 1,000 points to pass. The exam costs $599. To maintain the certification, members must pay a $125 annual maintenance fee and earn 90 continuing professional education credits over three years.
Editor's note: This article was written by Madelyn Bacon in 2015. TechTarget editors revised it in 2023 to improve the reader experience.