The CSSLP exam is comprised of 125 items and the testing time is allowed for three hours. It is a computer-based test (CBT). Items in the exam are four-option multiple choice items with one correct key. At the end of the exam administration, candidates receive their pass/fail decision. Failing candidates receive feedback on their exam performance by domains; however, candidates who pass the exam receive their congratulatory letter describing their next step in acquiring the credential.
CSSLP exam is updated on a regular basis by conducting job task analysis every three years and by writing and pretesting many items throughout the year to maintain a robust item bank.
The CSSLP exam requires candidates to demonstrate the following knowledge, skills and abilities: Secure Software Concepts (10%); Secure Software Requirements (14%); Secure Software Architecture and Design (14%); Secure Software Implementation (14%); Secure Software Testing (14%); Secure Software Lifecycle Management (11%); Secure Software Deployment, Operations, Maintenance (12%); and Secure Software Supply Chain (11%).