Aspect Security has launched a free baseline knowledge tool that claims to produce an accurate assessment of a development team's knowledge of application security. Secure Coder Analytics can be accessed online to determine the skill set and level of a group of developers or individuals.
- Securosis Analyst Report: Security and Privacy on the Encrypted Network
- Simplify IT With Cloud-Based Wireless Management
- How to Mitigate Fraud & Cyber Threats with Big Data and Analytics
- Real results: Speeding quality application delivery with DevOps [in financial services]
"How do you know what you don't know? That's the challenge facing development teams that want to develop secure code. There's no shame in not knowing all of the tricky aspects of application security, and now you can find out where your gaps are," said Jeff Williams, CEO of Aspect Security.
Williams is also cofounder of the Open Web Application Security Project (OWASP), and he contends his firm's Secure Coder Analytics takes a developer approximately 20 minutes to complete and tests knowledge in various security areas via a multiple-choice assessment.
Questions are randomized from what is said to be an "extensive" pool of questions. Managers of development teams can set up their own tests and invite developers to participate anonymously. After participating, each developer sees their own grade and managers can see aggregate scores that reveal the strengths and weaknesses of the team as a whole.
Aspect Security's eLearning curriculum features 53 learning modules at three different levels of technical depth. The company says that its eLearning solution is in use by developers worldwide at many corporate entities, including giants in the financial, shipping, and logistics and airline industries and government agencies.