By: David A. Wheeler, OpenSSF
The Open Source Security Foundation (OpenSSF) and Linux Foundation Training & Certification earlier this year released a completely free “Developing Secure Software” (LFD121) online training course in hopes of making training in basic cybersecurity best practices more accessible to everyone around the world. To make this educational content even easier to access, the course is now available through SCORM Connect, so that organizations with their own SCORM-compliant Learning Management Systems (LMSs) can integrate the course into their own LMSs. This integration will be free for accredited educational institutions (such as universities) and OpenSSF premier members. Other organizations may also access the training content through SCORM Connect but will be subject to a fee to cover the cost of providing this service.
This training course is geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software. It focuses on practical steps that can be taken, even with limited resources, to improve information security. Topics covered include the basics of cybersecurity, such as what risk management really means. The course discusses how to consider security as part of the requirements of a system, and what potential security requirements should be considered. It also explores how to secure the software supply chain; key implementation issues including input validation (such as why allowlists should be used and not denylists), processing data securely, calling out to other programs, sending output, and error handling; practical steps to counter the most common kinds of attacks; and how to verify software for security. There is also discussion of more specialized topics, such as how to develop a threat model and how to apply various cryptographic capabilities.
Making this training that is available for free through Linux Foundation Training & Certification also accessible through LMS’ where students and developers already spend time, is yet another way OpenSSF is helping developers worldwide learn how to develop secure software. SCORM Connect is a widely-used approach for allowing LMS systems to incorporate course material into the LMS, while also enabling seamless updates as the curriculum is updated. Our goal is to rapidly increase the number of software developers who can develop secure software. You will continue to be able to access the training materials and certificate of completion for free through Linux Foundation’s Training & Certification platform, and you can also access the training materials for free via the edX learning platform.
Accredited educational institutions and OpenSSF premier members interested in incorporating this training into their LMS via SCORM Connect should submit a request. Anyone else interested in completing this training for free can enroll here.