There's nothing quite like stirring the pot of controversy. Last month, my Cache Advance column addressed the issue of cheating on certification exams. Specifically, I said that using "study aids" (i.e., stolen exams) that come from braindump Web sites could put a certification candidate at risk of being accused of cheating. The column was intended to inform people that many certifying agencies are now using data forensics to analyze test responses and look for extremely unusual behavior. As it turns out, people who use braindump materials often fall into this category. The ultimate penalty for cheating could be loss of certification with negative employment consequences.

This assertion led to a reader backlash, with some people suggesting that the forensic analysis is inaccurate and would ensnare people who did not cheat in any way, shape or form. Anonymous readers posted comments such as these:
* “…who validates the forensics (since this will destroy somones [sic] career for life)? In any investigation, there are always false positives. Legitimate people (even if only a few) will be caught unfairly. How will this be policed?”
* “We're supposed to believe that these tests are flawless? How are they going to handle it when they inevitably accuse an innocent person? The same way corporations always handle it, of course. Deny everything. Smear the person in the press. Throw lots of lawyers at them until they can't afford to go on. This sounds like another witch hunt.”
* “Has anyone else seen or heard of this? Is the Microsoft cheating, a rediculous [sic] red herring? Or is there some kind of official [sic] document saying if you get all the answers right you'll be banned?”

Clearly I need to provide more details around my assertions on certification cheating, and especially the use of data forensics to uncover possible cheaters. (Oh, and for the person who suggested I must be on Microsoft’s payroll, let me assure you that I am not and never have been.)

My sources for my information are the best they can be—people who work for the certifying agencies, the test centers and the data forensics company. (By “certifying agency,” I mean any company or organization that issues a certification based on a candidate meeting specified requirements. Examples would be Microsoft, Cisco, CompTIA, Linux Professional Institute, etc.) These organizations all have a vested interest in seeing that the certification process is legitimate and fair to everyone, and that any cheating that exists in the process is eliminated.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.