What you will learn
- Security basics: Learn about risk management, the “CIA” triad, and requirements.
- Secure design principles: Discuss principles such as “least privilege” and how to apply these principles.
- Supply chain evaluation: Learn tips on how to choose packages to reuse, and how to reuse them so that you can rapidly be alerted & update the software.
- Implementation: Learn how to implement more secure software (how to do input validation, process data securely, call out to other programs, and send output), and more specialized approaches (such as basics of cryptography and handling problems).
- Security Verification: Learn how to examine software, include some key tool types, how to apply them in continuous integration (CI).
- Fielding: Learn how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
- Learn how to securely use and develop open source software.
Almost all software is under attack today, and many organizations are unprepared in their defense. This professional certificate program, developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, is geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, focusing on practical steps that can be taken, even with limited resources to improve information security. The program enables software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired. The best practices covered in the course apply to all software developers, and it includes information especially useful to those who use or develop open source software.
The program discusses risks and requirements, design principles, and evaluating code (such as packages) for reuse. It then focuses on key implementation issues: input validation (such as why allowlists and not denylists should be used), processing data securely, calling out to other programs, sending output, cryptography, error handling, and incident response. This is followed by a discussion on various kinds of verification issues, including tests, including security testing and penetration testing, and security tools. It ends with a discussion on deployment and handling vulnerability reports.
The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks. It does not focus on how to attack systems, how attacks work, or longer-term research.
Modern software development depends on open source software, with open source now being pervasive in data centers, consumer devices, and services. It is important that those responsible for cybersecurity are able to understand and verify the security of the open source chain of contributors and dependencies. Thanks to the involvement of OpenSFF, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices, this program provides specific tips on how to use and develop open source securely.
Courses in this program
LinuxFoundationX's Secure Software Development Fundamentals Professional Certificate
- 1–2 hours per week, for 7 weeks
Learn the security basics that allow you to develop software that is hardened against attacks, and understand how you can reduce the damage and speed the response when a vulnerability is exploited.
- 48% of technical hiring managers surveyed for the 2020 Open Source Jobs Report stated hiring professionals with security expertise is a high priority.
- Security Software Developers earn 35% more than Software Developers in a US nationwide average according to ZipRecruiter Sep 25, 2020 data.
- The US Bureau of Labor Statistics reports employment of Information Security Analysts is projected to grow 31% from 2019 to 2029, much faster than the average for all occupations, and higher than the growth for Software Developers in general (22%).
- According to a July 2020 research conducted by ESG and ISSA, 70% of respondents claim that their organization has been impacted significantly or somewhat by the global cybersecurity skills shortage.
Meet your instructor
Experts from LinuxFoundationX committed to teaching online learning
In today's world where more companies are using more software, becoming software companies themselves and everything is becoming connected, security education is more important than ever. At CNCF, we are excited about this new security professional certificate, and intend to have all of our project leadership pass the courses in the program and recommend you do the same in your communities.
- Unfortunately, learners from one or more of the following countries or regions will not be able to register for this program: Iran, Cuba and the Crimea region of Ukraine. While edX has sought licenses from the U.S. Office of Foreign Assets Control (OFAC) to offer our courses to learners in these countries and regions, the licenses we have received are not broad enough to allow us to offer this program in all locations. EdX truly regrets that U.S. sanctions prevent us from offering all of our courses to everyone, no matter where they live.