The Open Source Security Foundation has released a free training course on designing secure software. Log4Shell, the SolarWinds compromise, and Heartbleed, to mention a few, have all become household names in recent years. Such incidents are becoming widespread and are costing businesses billions of dollars in prevention and remediation costs.
Reacting after a breach has occurred is beneficial, but it is insufficient; such responses fail to protect users in the first place. Instead, security should be built into software before it is deployed. Unfortunately, most software engineers do not know how to do so.
The Open Source Security Foundation (OpenSSF) has teamed up with Linux Foundation Training & Certification to offer Developing Secure Software as a free online training course. According to the two organisations, the course will help raise awareness of these security risks and widen access to cybersecurity training for everyone from developers to operations teams to end-users.
Those who finish the course and pass the final test will receive a two-year certificate of completion. Software developers, DevOps practitioners, software engineers, web application developers, and others interested in learning how to design secure software should take this course. It focuses on practical steps that can be taken to improve information security, even with limited resources.
The goal is to make it easier to build and maintain systems that are significantly more difficult to successfully attack, to limit the harm caused by successful attacks, and to speed up the response time so that any latent weaknesses may be addressed quickly.
The course covers the fundamentals of cybersecurity, such as risk management. It goes over how to think about security as part of a system’s requirements and what kinds of security requirements you should consider. It then moves on to secure software design, covering a number of secure design principles to help you avoid bad designs and adopt good ones.
To improve security, the course also covers how to safeguard your software supply chain, as well as how to select and acquire reusable software (including open-source software) more securely.
There’s also a focus on significant implementation challenges and practical countermeasures to the most frequent types of attacks. It also goes into more advanced subjects such as how to create a threat model and how to use various cryptographic capabilities. The course material is similar to that of edX’s Secure Software Development curriculum, though it is delivered as a single course rather than three.
The self-paced course takes about 14-18 hours to complete and includes quizzes to test what you’ve learned. Participants will receive a digital badge after completing the course, indicating that they have completed all required coursework and learned the material. The digital badge can be displayed on resumes and social media accounts.