About The Secure Code Alliance

The Secure Code Alliance (SCA) was formed in 2021 to address the need that organizations have to ensure its developers are aware of and implement Secure Software Development Practices (SSDP) in order to minimize the threat posed by malicious actors against the organization’s applications, services and processes.

The SCA’s conformity assessment is the Developing Security & Privacy by Design (DSPD) initiative. The DSPD is an effort to promote transdisciplinary competency for developers to deliver trustworthy Applications, Services and Processes (ASP). This concept of competency is focused on a practitioner’s or architect’s ability to:

Work with stakeholders to ensure that security objectives, protection needs/concerns, security requirements and associated validation methods are defined;
Define security and privacy requirements, including associated verification methods;
Develop security views and viewpoints of the system architecture and design;
Identify and assess susceptibilities and vulnerabilities to lifecycle hazards and adversities;
Design proactive and reactive features and functions encompassed within a balanced strategy to control asset loss and associated loss consequences;
Provide security considerations to inform systems engineering efforts with the objective to reduce errors, flaws and weaknesses that may constitute a security vulnerability;
Perform system security analyses and interprets the results of system security-relevant analyses in support of decision-making for engineering trades and risk management;
Identify, quantify and evaluate the costs and benefits of security features and functions and considerations to inform assessments of alternative solutions, engineering trade-offs and risk treatment decisions;
Demonstrate through evidence-based reasoning that security and trustworthiness claims for the system have been satisfied; and
Leverage multiple security and other specialties to address all feasible solutions.

OUR VISION

OUR MISSION

The SCA’s vision is that organizations from all industries ensure that the development of applications, services and processes employ adequate security and privacy measures throughout the Software/System Development Life Cycle (SDLC) to ensure security and privacy-related risks are identified and remediated appropriately.

The SCA’s conformity assessment methodology is designed with these concepts in mind:

Identify the discipline basics for SSDP in terms of its principles, concepts and activities; and
Foster a common mindset to deliver secure applications, services and processes, regardless of its purpose, type, scope, size, complexity, or stage of the SDLC.

The SCA’s mission is to improve the awareness and adherence to SSDP by application developers and architects through operating a conformity assessment methodology that:

Spans the design, development and maintenance of applications, services and processes;
Educates applicants through reinforcing reasonably-expected security and privacy principles, based on voluntary consensus standards that considered developer-specific industry-recognized practices; and
Leverages an online platform to test applicants on subject matter expertise that awards the applicant with a Certificate of Conformity (CoC) upon receiving a successful score.

OUR STRATEGY

The SCA’s strategy is to:

Operate a cost-effective and meaningful conformity assessment methodology, the DSPD initiative; and
Certify individuals for competency among application developers and architects. There are two (2) certifications available:
- Certified SCA Architect (CSCAA) (designed for application architecture roles)
- Certified SCA Practitioner (CSCAP) (designed for developer roles)

The DSPD initiative is focused on developing a conformity assessment methodology that addresses:

"Practitioner-level competency" among developers; and
"Expert-level competency" among architects.

Developing Security & Privacy by Design (DSPD) Initiative

DSPD Initiative

As a personnel certification body, the SCA determines if an applicant fulfils certification requirements. Each applicant’s subject matter expertise on selected voluntary consensus standards is tested to determine if an acceptable level of competency is met.

Per ISO/IEC 17024 guidelines, certifications:

Are meant to be a public statement or declaration that an individual has passed an examination and otherwise met specified criteria demonstrating that the individual has the competencies necessary to successfully perform the role and responsibilities that comprise a specific occupation;
Are granted for a limited period of time;
Must be renewed to ensure that individuals continue to possess the competencies required to perform the job; and
May require ongoing education and/or assessment and/or experience for renewal.

The DSPD initiative’s conformity assessment leverages an online platform to test applicants on subject matter expertise through a one hundred (100) question set of multiple-choice problems. The DSPD leverages the three (3) general types of test questions and principle areas of focus that are used when constructing test questions:

Recall;
Application; and
Analysis.

About The Secure Code Alliance

OUR VISION

OUR MISSION

OUR STRATEGY

Developing Security & Privacy by Design (DSPD) Initiative

OTHER LINKS

Privacy Notice
Blog

SOCIAL

ABOUT

Subscribe To The SCA Newsletter