The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years.
The course is geared towards software developers (including DevOps professionals, software engineers, web application developers, and others) interested in learning how to develop secure software. It focuses on practical steps that can be taken, even with limited resources, to improve information security. The goal is to make it easier for these individuals to create and maintain systems that are much harder to successfully attack, to reduce the damage when attacks are successful, and to speed up response to rapidly repair vulnerabilities.
This course is timely. Cybersecurity breaches cost organizations billions of dollars in prevention and remediation costs, yet at the same time they are becoming ever more common. These breaches also hurt the reputations of the individuals, projects, and organizations involved. Reacting to breaches after the fact is useful, but not enough; such reactions fail to protect users in the first place. Security needs to instead be baked into software before it’s released. Unfortunately, many software developers don’t know how to do this. It’s not required at many universities (even when offered), and many software developers don’t go to a university to learn their craft. Those software developers who do know how to do this have an advantage when looking for work, when seeking a promotion, or when simply writing software for their own purposes.
The course starts by discussing the basics of cybersecurity, such as what risk management really means. It discusses how to consider security as part of the requirements of a system, and what potential security requirements you might consider. It then focuses on how to design software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones. It also considers how to secure your software supply chain, that is, how to more securely select and acquire existing software (including open source software) to enhance security.
The course also focuses on key implementation issues and practical steps that you can take to counter the most common kinds of attacks. Discussion follows on how to verify software for security, including various static and dynamic analysis approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.
The course content has been refined since its release, e.g., it now includes information about quantum cryptography and its largest unit has been broken into smaller, more manageable pieces. We continue to offer the same learning content with edX, for those who prefer to use the edX platform.
The self-paced course can be completed in about 14-18 hours and includes quizzes to test the knowledge gained. Upon completion, participants will receive a digital badge verifying that they have been successful in all required coursework and have learned the material. This digital badge can be added to resumes and social media profiles.Â
Enroll today to start improving your cybersecurity skills and practices!