The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the Software Development Life Cycle (SDLC), from software design and implementation to testing and deployment.
The test consists of 125 items, and the testing time allowed is three hours. It is a computer-based test (CBT). Items in the exam are primarily four-option multiple-choice items with one correct key. At the end of the exam administration, candidates receive a provisional pass or fail decision. Failing candidates receive feedback on their exam performance by domains for complete exams; however, candidates who pass the exam receive a provisional congratulatory letter describing their next step in acquiring the credential.
The percentage (i.e., weight) of scored items by reporting domain:
• Domain 1. Secure Software Concepts (12%)
• Domain 2. Secure Software Lifecycle Management (11%)
• Domain 3. Secure Software Requirements (13%)
• Domain 4. Secure Software Architecture and Design (15%)
• Domain 5. Secure Software Implementation (14%)
• Domain 6. Secure Software Testing (14%)
• Domain 7. Secure Software Deployment, Operations, Maintenance (11%)
• Domain 8. Secure Software Supply Chain (10%)