In what likely will be a recurring theme for companies that deal in software, aerospace manufacturing giant Lockheed Martin has announced it is partnering with the SANS Institute to certify 75 of its programmers in secure code development.
Bethesda, Md.-based Lockheed, a $42 billion company that provides IT solutions and services to the federal government, becomes the first systems integrator to offer application assurance to customers, SANS’ research head Alan Paller said.
Programmers will receive skills development, assessment and certification under the SANS Global Information Assurance Certification standard. They will be trained in common language frameworks, including Java and .NET.
“Lockheed Martin integrates all aspects of information assurance into every solution it delivers and continues to invest in proactive security measures,” said Eric Cole, senior cybersecurity fellow at Lockheed. “We are committed to improving secure software development practices and are certifying our employees who are working in the area of cybersecurity on customer programs.”
This news is particularly important because Lockheed’s largest customer is the U.S. Department of Defense.
Lockheed said that depending how successful the certification program, it may extend beyond the 75 programmers.
The company did not say what might happen to the programmers if they are unable to achieve certification.
The topic of security is one that is undoubtedly working its way into different IT roles and functions – including code development – but at least some backlash is sure to emerge. It is likely that training in secure code writing will be something new for these developers, and they may, at least initially, bark at the idea of another training requirement.
But that mindset is sure to change across verticals. While it may always be impossible to make a piece of software vulnerability free, it is nice to see a mega corporation like Lockheed blazing the trail.