Monday, August 04, 2008
Why Enterprises should care about IT Certification
I am currently leading the OWASP Certification Project and was thinking about reasons why large enterprises, outsourcing firms and software houses such as Microsoft, IBM, Oracle, Sun and others should care...
Normally, I don't practice distillation, but I have landed on two plausible reasons why certifying developers and architects matter.
1) Certifying developers and architects allows for software hourses and outsourcing firms to not hire bad programmers.
2) Certifying software houses and outsourcing firms allows enterprises to not hire bad software hourses and outsourcing firms.
One can conclude that there is no excuse for software houses and Indian outsourcing firms (wipro, cognizant, infosys, etc) to hire bad programmers. Likewise, if a software company isn't capable of identifying bad programmers, then they have no business of producing software for others. As for outsourcing firms, if they don't know enough about software to evaluate the quality of solution that they bring to the table and can only deliver on the functional aspects, enterprises may be better off in the long run of keeping work onshore.
The ability to specify security features is easy to capture in business requirements documents but the ability to write applications securely is sorely missing. Right now, the industry needs to separate those who know how to vs those who don't. If Cognizant knows how to write secure code and Infosys doesn't then the market benefits from this knowledge. Likewise, if Cognizant is making progress towards teaching each and every developer how to write secure code without making it a financial burden on their clients while Satyam only sees it as a revenue opportunity, then the marketplace benefits from this form of transparency..
| | View blog reactionsNormally, I don't practice distillation, but I have landed on two plausible reasons why certifying developers and architects matter.
1) Certifying developers and architects allows for software hourses and outsourcing firms to not hire bad programmers.
2) Certifying software houses and outsourcing firms allows enterprises to not hire bad software hourses and outsourcing firms.
One can conclude that there is no excuse for software houses and Indian outsourcing firms (wipro, cognizant, infosys, etc) to hire bad programmers. Likewise, if a software company isn't capable of identifying bad programmers, then they have no business of producing software for others. As for outsourcing firms, if they don't know enough about software to evaluate the quality of solution that they bring to the table and can only deliver on the functional aspects, enterprises may be better off in the long run of keeping work onshore.
The ability to specify security features is easy to capture in business requirements documents but the ability to write applications securely is sorely missing. Right now, the industry needs to separate those who know how to vs those who don't. If Cognizant knows how to write secure code and Infosys doesn't then the market benefits from this knowledge. Likewise, if Cognizant is making progress towards teaching each and every developer how to write secure code without making it a financial burden on their clients while Satyam only sees it as a revenue opportunity, then the marketplace benefits from this form of transparency..
