By Ejiro Oghenekome and Sal Kimmich, CSM
Whether you’re just getting started with open source security or want to deepen your knowledge, these free courses from Linux Foundation Education and OpenSSF offer valuable, self-paced learning paths. Each is available online and designed to help contributors understand both the technical and community aspects of secure open source development.
In our previous blog, From Beginner to Builder: Your First Code Contribution, we explored how to contribute to security-focused open source projects through hands-on participation. This companion piece focuses instead on how you can prepare through structured training, especially if you want to grow your expertise before or alongside code contributions.
For Everyone
LFC105: Antitrust Laws and OSS Project Management and Participation
Duration: 60 Minutes of Course Material
Covers the legal basics of antitrust laws and how they apply to multi-stakeholder open source collaboration. This is especially important for contributors participating in foundation-led efforts where competing vendors collaborate. This course is designed for all individuals that participate in open source projects at any level – contributors, maintainers, Steering Committee members and Governing Board members.
LFC104: Ethics for Open Source Development
Duration: 120 Minutes of Course Material. Explains ethical decision-making in open source, including governance, inclusivity, and responsibility. Offers strong grounding in how to build and lead projects while upholding community-first values. This course is designed primarily for product managers and developers who want to learn how to effectively incorporate ethics-by-design techniques into their workflows.
For Developers and Engineers
LFD121: Developing Secure Software
Duration: 16-20 Hours of Course Material. A full-length foundational course on secure design, coding practices, threat modelling, and dependency management. Especially useful for any developer contributing to OpenSSF tools or improving security posture in open source projects.
LFEL1006: Securing Projects with OpenSSF Scorecard
Duration: 60-90 Minutes of Course Material. Quickly learn how to integrate OpenSSF Scorecard checks into GitHub or GitLab to automate security posture evaluation. A practical and lightweight course for contributors who want to level up a project’s security health.
LFEL1012: Secure AI/ML-Driven Software Development
Duration: 60-90 Minutes of Course Material. Advance your career by mastering secure use of AI assistants. You’ll gain the skills to balance speed with security, write safer code, and review changes with confidence in today’s fast-moving software world.
For Policy and Compliance Contributors
LFEL1001: Understanding the EU Cyber Resilience Act (CRA)
Duration: 60-90 Minutes of Course Material. Covers CRA obligations for software producers and maintainers, including timelines and technical documentation expectations. A must for anyone advising on or contributing to projects affected by global regulatory changes.
LFEL1007: Automating Supply Chain Security: SBOMs and Signatures
Duration: 60-90 Minutes of Course Material. Learn about software provenance, the role of source control, dependency tracking and creation of SBOMs. Get familiar with SBOM and signatory tools, and apply cosign and SLSA workflows with GitHub Actions. By the end of this course, you should be able to create a plan for your own project to begin automating supply chain security.
For Community, DEI, and Mentorship Contributors
LFC102: Inclusive Open Source Community Orientation
Duration: 2 Hours of Course Material. Introduces unconscious bias, micro-inclusion, and inclusive communication practices. Recommended for anyone joining working groups, community teams, or planning to participate in mentorship.
Inclusive Open Source Community Orientation (LFC102) – Linux Foundation – Education
Final Thoughts
These courses are not prerequisites, but they are a powerful foundation. Taken on their own, they offer professional-grade insight into the responsibilities and expectations of contributing to secure open source communities. Taken alongside a contribution journey, they will help you become the kind of collaborator every project wants: thoughtful, informed, and effective.
Explore all training options and get started here: Get Involved – Open Source Security Foundation