We're about to launch two new electives for the MCSD certification. 70-330, Implementing Security for Applications with Microsoft Visual Basic .NET and 70-340, Implementing Security for Applications with Microsoft Visual C# .NET. (These exams should be in beta in April.)

These are the first MCSD electives that aren't based on a server product. One of the challenges facing Microsoft is that the perceived security of our platform depends on the security knowledge of the folks who build applications. If application X running on top of .NET gets hacked, it shows up in the press as “.NET application vulnerable.” It's perceived as an issue with the platform, even when the problem is specific to the application.

It's our job to fix this, and we'll do fix it by educating developers who are building the applications. It's good for us, because we want our customers to be successful. It's good for our customers, because they are secure. And it's good for developers, because they can sleep more soundly.

In the public events we're running at the moment, we're doing all security content. We also have some great guidance on how to build secure applications, including books like Building Secure ASP.NET Applications and Improving Web Application Security: Threats and Countermeasures. It's great to see the MCP team supporting us by encouraging developers to get security certified.

I would love to see the MCP program go to the next step and create an MCSD + Security along the same lines as the MCSE + Security credential for IT pros. I don't know their plans, but I'll be lobbying for this next time I see anyone on that team!