Secure Software Development Fundamentals

Almost all software is under attack today, and many organizations are unprepared in their defense. This professional certificate program, developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, is geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, focusing on practical steps that can be taken, even with limited resources, to improve information security. The program enables software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired. The best practices covered in the course apply to all software developers, and it includes information especially useful to those who use or develop open source software.

The program discusses risks and requirements, design principles, and evaluating code (such as packages) for reuse. It then focuses on key implementation issues: input validation (such as why allowlists and not denylists should be used), processing data securely, calling out to other programs, sending output, cryptography, error handling, and incident response. This is followed by a discussion of various kinds of verification issues, including tests (among them security testing and penetration testing) and security tools. It ends with a discussion on deployment and handling vulnerability reports.

The training courses included in this program focus on practical steps that you (as a developer) can take to counter the most common kinds of attacks. They do not focus on how to attack systems, how attacks work, or longer-term research.

Modern software development depends on open source software, with open source now being pervasive in data centers, consumer devices, and services. It is important that those responsible for cybersecurity are able to understand and verify the security of the open source chain of contributors and dependencies. Thanks to the involvement of OpenSSF, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices, this program provides specific tips on how to use and develop open source securely.

What you'll learn

  • Security basics: Learn about risk management, the “CIA” triad, and requirements.
  • Secure design principles: Discuss principles such as “least privilege” and how to apply these principles.
  • Supply chain evaluation: Learn tips on how to choose packages to reuse, and how to reuse them so that you can rapidly be alerted & update the software.
  • Implementation: Learn how to implement more secure software (how to do input validation, process data securely, call out to other programs, and send output), and more specialized approaches (such as basics of cryptography and handling problems).
  • Security Verification: Learn how to examine software, including some key tool types, and how to apply them in continuous integration (CI).
  • Fielding: Learn how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
  • Learn how to securely use and develop open source software.

From The Linux Foundation via edX
Hours 42
Instructor David A. Wheeler
Language English
Subjects Programming

Careers

An overview of related careers and their average salaries in the US. Bars indicate income percentile (33rd - 99th).

Open-Source System Developer $2k

Linguist & Open Source Analyst $66k

Open 3 $68k

Open Source Linux 3D Graphics Driver Developer $71k

Open 1 $84k

Sales - Open Source Team $88k

Research and Development Engineer - Open Source $96k

Rensselaer Center for Open Source Software (RCOS) Developer $106k

Systems Analyst - Open Source / Unix $108k

Open Source Engineer $116k

Senior Marketing Manager, Helix Open Source Community $153k

Storage and Open Source Engineer $197k

Courses in this Professional Certificate

Listed in the order in which they should be taken

Starts Course Information

On Demand

Secure Software Development: Implementation

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by...

edX | The Linux Foundation

On Demand

Secure Software Development: Verification and More Specialized Topics

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by...

edX | The Linux Foundation

On Demand

Secure Software Development: Requirements, Design, and Reuse

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by...

edX | The Linux Foundation
