Free security training from the Open Source Security Foundation
A free training course on developing secure software from the Open Source Security Foundation is now available.
Cybersecurity breaches have become household names in recent years, Log4Shell, SolarWinds Compromise, Heartbleed, to name a few. These are costing organisations billions of dollars in prevention and remediation costs and are becoming more and more common.
Reacting to breaches after the fact is helpful, but not enough; such reactions fail to protect users in the first place. Security needs to instead be baked into the software before it’s released. Unfortunately, most software developers don’t know how to do this.
The Open Source Security Foundation (OpenSSF) has partnered with Linux Foundation Training & Certification to release a free online training course, Developing Secure Software. The two organisations say the training course will help elevate these security issues and improve access to cybersecurity training for everyone from developers to operations teams to end-users.
Those who complete the course and pass the final exam will earn a certificate of completion valid for two years.
The course is geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software. It focuses on practical steps that can be taken, even with limited resources, to improve information security.
The goal is to make it easier to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.
The course discusses the basics of cybersecurity, such as what risk management means. It discusses how to consider security as part of the requirements of a system and what potential security requirements you might consider. It then focuses on designing software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones.
The course also covers how to secure your software supply chain and more securely select and acquire reused software (including open-source software) to enhance security.
There is also a focus on key implementation issues and practical steps that you can take to counter the most common kinds of attacks. It also discusses more specialised topics, such as how to develop a threat model and how to apply various cryptographic capabilities. The course content mirrors the Secure Software Development program offered with edX, but in a single course instead of three.
The self-paced course can be completed in about 14-18 hours and includes quizzes to test the knowledge gained. Upon completion, participants will receive a digital badge verifying they have completed all required coursework and have learned the material. The digital badge can be added to resumes and social media profiles.