Tuesday, July 22, 2008
OWASP Preliminary Certification Results
Several folks have pinged me offline in hopes of getting a peak at the results of the OWASP survey. Many folks wanted to understand the answers to such questions as which industry analyst firms best understand the challenges of Web Application Security. I found it somewhat insightful how folks perceive firms such as Redmonk, Gartner, Forrester, Entiva and the Burton Group.
Anyway, below are preliminary results to a few select questions. The full report will be made available at the end of the week...
| | View blog reactionsAnyway, below are preliminary results to a few select questions. The full report will be made available at the end of the week...
Page: Introduction
| 1. Please indicate your gender. | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| Female |  | 7.7% | 31 |
| Male | | 92.3% | 370 |
| answered question | 401 | ||
| skipped question | 4 | ||
| 2. Please select the category that includes your age. | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| 17 or younger | 0.0% | 0 | |
| 18 to 24 | | 12.8% | 51 |
| 25 to 34 | | 44.8% | 179 |
| 35 to 44 | | 25.0% | 100 |
| 45 to 54 | | 12.5% | 50 |
| 55 to 64 | | 4.0% | 16 |
| 65 or older | | 1.0% | 4 |
| answered question | 400 | ||
| skipped question | 5 | ||
Page: Preferences
| 6. Has not having a particular certification or credential ever hindered your career? | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| Yes | | 28.2% | 97 |
| No | | 58.7% | 202 |
| Unknown | | 13.1% | 45 |
| answered question | 344 | ||
| skipped question | 61 | ||
| 7. In your opinion, what should be the target failure rate for first-time exam takers? | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| 80% | | 9.0% | 31 |
| 70% | | 18.3% | 63 |
| 60% | | 13.3% | 46 |
| 50% | | 15.1% | 52 |
| 40% | | 11.6% | 40 |
| 30% | | 14.8% | 51 |
| 20% | | 2.3% | 8 |
| No opinion | | 15.7% | 54 |
| answered question | 345 | ||
| skipped question | 60 | ||
| 8. Do you believe that exams with higher failure rates are more credible? | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| Yes | | 28.1% | 97 |
| No | | 37.7% | 130 |
| Maybe | | 25.2% | 87 |
| Unknown | | 9.0% | 31 |
| answered question | 345 | ||
| skipped question | 60 | ||
Page: Marketing
| 14. In your opinion, do you feel single-brand certifications and/or credentials such as Cisco, Microsoft, Novell, etc. help or hurt the industry? | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| Help | | 30.1% | 100 |
| Hurt | | 21.4% | 71 |
| Neutral | | 41.0% | 136 |
| Undecided | | 7.5% | 25 |
| answered question | 332 | ||
| skipped question | 73 | ||
| 15. In your opinion, do you feel that training providers who teach courses geared towards obtaining OWASP certification should mandate that their instructors are certified? | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| Yes | | 77.6% | 257 |
| No | | 10.3% | 34 |
| Maybe | | 9.7% | 32 |
| Undecided | | 2.4% | 8 |
| answered question | 331 | ||
| skipped question | 74 | ||
Page: Test Methods
| 22. VUE (http://www.vue.com) and Prometric (http://www.prometric.com) both provide computer based testing at existing testing centers throughout the world. While the actual payment to VUE or Prometric to provide an exam varies with volume, at least $75 of an exam's price would go to VUE or Prometric. What do you perceive as the advantages of having the exam available at a VUE or Thomson testing center? (choose all that apply) | |||
|---|---|---|---|
| Response Percent | Response Count | ||
| It would make the exam available in my geographic area | | 73.0% | 216 |
| the exam would be inexpensive | | 24.0% | 71 |
| the exam delivery would be secure | | 35.8% | 106 |
| It would be easy to register and pay for an exam | | 60.1% | 178 |
| I would prefer not to take the exam using VUE or Prometric testing center | | 12.8% | 38 |
| Other (please specify) | 23 | ||
| answered question | 296 | ||
| skipped question | 109 | ||
Page: Final
| 30. Please rate which industry analyst firms best understand the challenge of implementing Web Application Security. | ||||||||
|---|---|---|---|---|---|---|---|---|
| First Place | Second Place | Third Place | Fourth Place | Fifth Place | Sixth Place | Last Place | Response Count | |
| Gartner | 51.2% (44) | 7.0% (6) | 10.5% (9) | 10.5% (9) | 2.3% (2) | 2.3% (2) | 16.3% (14) | 86 |
| Forrester | 19.4% (13) | 44.8% (30) | 9.0% (6) | 11.9% (8) | 4.5% (3) | 10.4% (7) | 0.0% (0) | 67 |
| Burton Group | 25.9% (15) | 12.1% (7) | 27.6% (16) | 13.8% (8) | 10.3% (6) | 3.4% (2) | 6.9% (4) | 58 |
| Yankee Group | 2.4% (1) | 16.7% (7) | 19.0% (8) | 35.7% (15) | 7.1% (3) | 11.9% (5) | 7.1% (3) | 42 |
| Redmonk | 13.3% (4) | 6.7% (2) | 10.0% (3) | 10.0% (3) | 50.0% (15) | 6.7% (2) | 3.3% (1) | 30 |
| The 451 Group | 6.1% (2) | 15.2% (5) | 9.1% (3) | 6.1% (2) | 18.2% (6) | 36.4% (12) | 9.1% (3) | 33 |
| Elemental Links | 0.0% (0) | 0.0% (0) | 4.8% (1) | 9.5% (2) | 9.5% (2) | 19.0% (4) | 57.1% (12) | 21 |
| ZapThink | 4.3% (1) | 21.7% (5) | 26.1% (6) | 17.4% (4) | 4.3% (1) | 8.7% (2) | 17.4% (4) | 23 |
| Nemertes | 6.7% (1) | 13.3% (2) | 13.3% (2) | 6.7% (1) | 33.3% (5) | 6.7% (1) | 20.0% (3) | 15 |
| IDC | 0.0% (0) | 25.0% (7) | 21.4% (6) | 21.4% (6) | 14.3% (4) | 14.3% (4) | 3.6% (1) | 28 |
| AMR | 0.0% (0) | 7.7% (1) | 23.1% (3) | 23.1% (3) | 30.8% (4) | 7.7% (1) | 7.7% (1) | 13 |
| Ovum | 10.0% (1) | 10.0% (1) | 30.0% (3) | 20.0% (2) | 10.0% (1) | 0.0% (0) | 20.0% (2) | 10 |
| Enterprise Strategy Group | 12.5% (3) | 12.5% (3) | 16.7% (4) | 12.5% (3) | 4.2% (1) | 25.0% (6) | 16.7% (4) | 24 |
| Macehiter Ward-Dutton | 10.0% (1) | 20.0% (2) | 10.0% (1) | 0.0% (0) | 10.0% (1) | 10.0% (1) | 40.0% (4) | 10 |
| Other (please specify) | 20 | |||||||
| answered question | 100 | |||||||
| skipped question | 305 | |||||||
