News

OpenSSF Offers Free Training on Developing Secure Software

• By John K. Waters
• November 5, 2020

The Open Software Security Foundation (OpenSSF) has created three courses on developing secure software, which are being offered for free as part of the Secure Software Development Fundamentals Professional Certificate program, on the nonprofit edX learning platform.

The program is aimed at all software developers, according to the OpenSSF blog, and it "focuses on practical steps that any software developer can easily take, not theory or actions requiring unlimited resources."

The courses are specifically designed to teach how to develop secure software while reducing damage and increasing the speed of the response when a vulnerability is found. The program includes a Professional Certificate program, Secure Software Development Fundamentals, which can allow individuals to demonstrate that they've mastered this material.

The OpenSSF, which is a project within the Linux Foundation in August of this year, was created to provide a structured forum for a collaborative, cross-industry effort, the blog reads. It's billed as a cross-industry organization that brings together the industry's most important open-source security initiatives and the individuals and companies that support them. It combines the Linux Foundation's Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab to build a community to support the open source security for decades to come.

The OpenSSF "is committed to working both upstream and with existing communities to advance open source security for all," according to the blog.

"The OpenSSF has already demonstrated incredible momentum which underscores the increasing priorities placed on open source security," said Mike Dolan, SVP and GM of Projects at The Linux Foundation, in a statement. "We're excited to offer the Secure Software Development Fundamentals professional certificate program to support an informed talent pool about open source security best practices."

The OpenSSF is releasing the course materials today (Nov. 5), and public enrollment for the courses and certificate is open now.

The OpenSSF also announced that 16 new contributors have joined as members this year, including Arduino; AuriStor; Canonical; Debricked; Facebook; Huawei Technologies; iExec Blockchain Tech; Laboratory for Innovation Science at Harvard (LISH); Open Source Technology Improvement Fund; Polyverse Corporation; Renesas; Samsung; Spectral; SUSE; Tencent; Uber; and WhiteSource.

Membership is not required to participate in the OpenSSF. For more information about the new members is available on the OpenSSF website.