The OpenSSF Plan for Improving Software Developer Security Education provides recommendations on how to improve the security education of software developers worldwide by expanding training materials and incentives for that training. In this report we briefly justify why secure software development education is needed and then summarize the current state of educational materials. We then discuss the OpenSSF education efforts from 2022 through 2023, including the identified need to “collect and curate content”, and identify focused requirements. We conclude with a summary of OpenSSF education efforts that we propose for 2024 as well as those underway.
Plan for Improving Software Developer Security Education
A Japanese language version of the paper is also available for download.
The plan recommends prioritizing educational materials for three audiences:
For any software developer: an improved version of the “fundamentals of developing secure software” course.
For managers supervising developers: what managers should expect developers to know and do to develop secure software.
For software developers working in a specific ecosystem or on specialized topics (e.g., threat modeling): deeper security knowledge on a specific ecosystem or topic.
Download our Plan for Improving Software Developer Security Education to learn more.