Last week, IBM’s Security Intelligence blog reported on the highly-discussed cybersecurity skills shortage – and in particular, how some areas are lacking in talent more than others. “Software development is one of the areas most starved of security attention,” wrote Irene Michlin.

If you’ve set your sights on specializing in software development cybersecurity, the CSSLP certification is for you. Based on the results of the job task analysis conducted in 2019, the exam will be changing in several ways when it is published later this year. The number of items and the time allowed for the exam will be reduced (from 175 in four hours to 125 in three hours) without compromising the validity of the exam. There will also be updates made to five of the eight domains, and the weight of six domains.

The updates to the domains and their weights are noted below, with the differences highlighted:

July 2017 – September 14, 2020
#	Domains	Weights
1	Secure Software Concepts	13%
2	Secure Software Requirements	14%
3	Secure Software Design	16%
4	Secure Software Implementation / Programming	16%
5	Secure Software Testing	14%
6	Secure Lifecycle Management	10%
7	Software Deployment, Operations and Maintenance	9%
8	Supply Chain and Software Acquisition	8%
	Total:	100%

 

Effective September 15, 2020
#	Domains	Weights
1	Secure Software Concepts	10%
2	Secure Software Requirements	14%
3	Secure Software Architecture and Design	14%
4	Secure Software Implementation	14%
5	Secure Software Testing	14%
6	Secure Software Lifecycle Management	11%
7	Secure Software Deployment, Operations, Maintenance	12%
8	Secure Software Supply Chain	11%
	Total:	100%

By conducting job task analysis studies, updates are made to all (ISC)² certifications approximately every three years to ensure that they remain relevant to the roles and responsibilities of today’s practicing cybersecurity professionals. For more information on the upcoming updates to the CSSLP exam, read our FAQs .