(ISC)2 opened registration for classes and exams for its Certified Secure Software Lifecycle Professional (CSSLP) certification, with the first classes beginning this month. Many security zealots, like me, have been emphasizing the fact that >90% of vulnerabilities are at the software layer and most exploitations take advantage of known and un-patched security holes. This is pretty much the result of insecure software production (not just coding, but bad design and testing too) yet many of the investment dollars, standards, certification, etc. continue to be spent at the network layer.”]
Source: https://www.csoonline.com/article/2135991/csslp—-it-s-about-time-.html