I was pretty impressed when I saw this. Apparently there is a new certification program for application security specialists. I know other companies have attempted to move in this direction. Most notably is ISC2 with their CSSLP, with their motto, “I fill the holes in your SLC”. You can see that Dave Aitel supports the CSSLP:

While I respect Dave a lot, I can’t get behind filling holes. So, thankfully the CASS is here to fill that gap for us. I went through the process - thankfully it didn’t take much time. But I think someone who goes through the entire process shows a sincere interest, and that should make employers very happy. So if you’re out of a job and need a quick certification, the Certified Application Security Specialist is the cert for you. Go check it out! Don’t be like Dave Aitel, kids. Seriously, don’t.

Just something to brighten your day if you are one of the poor schleps having to code around every possibly security contingency. It’s also the concept behind “team rubber-hose cryptanalysis” that we started at DefCon several years ago. we figured we’d sweep up the hacking contest if we just bought some base-ball bats.

Click to enlarge.

Just because you have a secure system doesn’t mean the wet-ware is secure. Hope everyone is having a good weekend.