David A. Wheeler

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources, to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.

This course discusses the basics of security, such as what risk management really means. It discusses how to consider security as part of the requirements of a system, and what potential security requirements you might consider. This part then discusses how to design software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones. It also discusses how to secure your software supply chain, that is, how to more securely select and acquire reused software (including open source software) to enhance security.

This is the first of the three courses in the Secure Software Development Fundamentals Professional Certificate program, and was developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem. The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks.

What's inside

Learning objectives

  • Security basics: risk management, the “CIA” triad, and requirements.
  • Secure design principles: what are principles such as “least privilege” and how to apply these principles.
  • Supply chain evaluation: tips on how to choose packages to reuse, and how to reuse them so that you can rapidly be alerted and update.

Syllabus

Welcome!
Security Basics
Secure Design Principles
Reusing External Software
Final Exam (Verified track only)

Good to know

Know what's good, what to watch for, and possible dealbreakers
Designed for software developers, DevOps professionals, software engineers, web application developers, and others, this course will help you develop and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired
Students will learn how to design, develop and maintain secure software
Students will examine the basics of security, such as risk management, the ‘CIA’ triad, and requirements
Taught by instructor David A. Wheeler, who is recognized for his work in secure software development
This course is part of the Secure Software Development Fundamentals Professional Certificate program, developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Secure Software Development: Requirements, Design, and Reuse with these activities:
Review secure coding practices
Sharpen your understanding of the principles and practices of secure coding to enhance the security of your software from the start.
  • Review documentation on best practices for secure coding
  • Complete online tutorials or courses on secure coding
  • Practice implementing secure coding techniques in your own projects
Attend a workshop or conference on secure software development
Gain exposure to cutting-edge research, industry best practices, and expert insights by attending specialized events on secure software development.
  • Research upcoming workshops or conferences tailored to secure software development
  • Review the agenda and speaker lineup to identify sessions that align with your learning goals
  • Register for the event and make arrangements for travel and accommodation (if necessary)
  • Actively participate in sessions, take notes, and engage with speakers and attendees
Compile a reference guide of security resources
Create a comprehensive resource for yourself and fellow learners by compiling a collection of valuable materials on secure software development.
  • Gather relevant articles, tutorials, documentation, and tools on secure software development
  • Organize the resources into logical categories or sections
  • Provide brief summaries or annotations for each resource
  • Share your compilation with other students or online communities
Build a secure software project using OWASP Top 10
Gain hands-on experience in applying industry-standard security best practices by building a software project that addresses common vulnerabilities.
  • Familiarize yourself with the OWASP Top 10 vulnerabilities
  • Choose a software project idea that incorporates various security considerations
  • Implement security measures to address each of the OWASP Top 10 vulnerabilities in your project
  • Test and evaluate the security of your project
Organize a study group or discussion forum on secure software development
Engage with fellow learners and exchange knowledge through regular discussions and collaborative activities.
  • Identify a group of peers who share your interest in secure software development
  • Establish a regular meeting schedule and set clear goals for each session
  • Take turns presenting on chosen topics or case studies
  • Facilitate group discussions and encourage active participation from all members
Participate as a mentor in a secure software development community
Share your knowledge and expertise by guiding and supporting fellow learners in their journey to master secure software development.
  • Join online forums or communities dedicated to secure software development
  • Identify opportunities to answer questions and provide guidance to other members
  • Participate in discussions and share your insights on best practices and emerging trends
Contribute to an open-source secure software development project
Gain practical experience and make a meaningful contribution to the secure software development community by participating in open-source projects.
  • Identify open-source projects that focus on secure software development
  • Review the project's documentation and codebase to understand its goals and architecture
  • Propose and implement improvements or new features that enhance the security of the project
  • Submit pull requests and actively engage with the project's maintainers
Participate in a bug bounty program or hacking challenge
Put your skills to the test and challenge yourself by participating in real-world scenarios that involve finding and exploiting security vulnerabilities.
  • Identify bug bounty programs or hacking challenges that align with your interests and skill level
  • Study the rules and guidelines carefully
  • Set realistic goals and allocate sufficient time for research and exploration
  • Submit your findings and document your approach with clear and concise reports

Career center

Learners who complete Secure Software Development: Requirements, Design, and Reuse will develop knowledge and skills that may be useful to these careers:
Software Developer
Secure Software Development: Requirements, Design, and Reuse covers the fundamentals of developing secure software. As a Software Developer, this course will provide you with the knowledge and skills necessary to create and maintain systems that are more resistant to attacks and will enable you to reduce the damage when attacks are successful.
Software Engineer
Secure Software Development: Requirements, Design, and Reuse provides Software Engineers with a comprehensive understanding of secure software development practices. This course covers risk management, secure design principles, and supply chain evaluation, equipping Software Engineers with the knowledge and skills needed to develop and maintain secure software systems.
Web Application Developer
The Secure Software Development: Requirements, Design, and Reuse course is highly relevant to Web Application Developers as it focuses on practical steps to improve the security of software systems. This course covers topics such as risk management, secure design principles, and supply chain evaluation, providing Web Application Developers with the knowledge and skills needed to develop more secure web applications.
DevOps Engineer
The Secure Software Development: Requirements, Design, and Reuse course from the Linux Foundation is designed to help DevOps Engineers improve their software security skills. This course covers practical steps that can be taken to improve information security, making it an ideal choice for individuals looking to advance their careers in DevOps.
Cybersecurity Engineer
Secure Software Development: Requirements, Design, and Reuse is a valuable course for Cybersecurity Engineers as it provides a comprehensive understanding of secure software development practices. This course covers risk management, secure design principles, and supply chain evaluation, equipping Cybersecurity Engineers with the knowledge and skills needed to design and implement secure software systems.
Information Security Analyst
The Secure Software Development: Requirements, Design, and Reuse course provides Information Security Analysts with a foundation in secure software development practices. This course covers risk management, secure design principles, and supply chain evaluation, equipping Information Security Analysts with the knowledge and skills needed to assess and mitigate software security risks.
Software Quality Assurance (QA) Engineer
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Software Quality Assurance (QA) Engineers as it provides a foundation in secure software development practices. This course covers risk management, secure design principles, and supply chain evaluation, which can help Software Quality Assurance (QA) Engineers improve the security of software systems.
Security Architect
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Security Architects as it provides a foundation in secure software development practices. This course covers risk management, secure design principles, and supply chain evaluation, which can help Security Architects design and implement more secure software systems.
Risk Manager
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Risk Managers as it provides a foundation in risk management practices for software development. This course covers risk identification, assessment, and mitigation, which can help Risk Managers improve the security of software systems.
Compliance Officer
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Compliance Officers as it provides a foundation in secure software development practices. This course covers compliance requirements and best practices, which can help Compliance Officers ensure that software systems meet regulatory and industry standards.
Technical Writer
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Technical Writers as it provides a foundation in secure software development practices. This course covers technical writing for security, which can help Technical Writers create clear and concise documentation that promotes secure software development.
Project Manager
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Project Managers as it provides a foundation in secure software development practices. This course covers project management for security, which can help Project Managers ensure that software development projects are completed on time, within budget, and to the required security standards.
Quality Assurance (QA) Analyst
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Quality Assurance (QA) Analysts as it provides a foundation in secure software development practices. This course covers testing for security, which can help Quality Assurance (QA) Analysts identify and fix security vulnerabilities in software systems.
Business Analyst
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Business Analysts as it provides a foundation in secure software development practices. This course covers requirements gathering and analysis for security, which can help Business Analysts ensure that software systems meet the needs of the business while also being secure.
Product Manager
The Secure Software Development: Requirements, Design, and Reuse course may be useful for Product Managers as it provides a foundation in secure software development practices. This course covers product management for security, which can help Product Managers ensure that software products are secure and meet the needs of the market.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Secure Software Development: Requirements, Design, and Reuse.
Good reference for secure coding techniques in C and C++, which are common languages used in software development and are applicable to the course content, if the learner is familiar with these languages.
Discusses a mix of practical software development process and programming language concepts, which are applicable to the broader course scope. It also discusses some secure development topics.
Focuses on the process of threat modeling, which is a useful addition to the secure design elements of this course.
General-purpose cybersecurity framework which can be applied to software development, and good reference for additional research on security best practices.
General-purpose security reference for software developers and security professionals, and while not specifically tailored to any particular course, provides a good overview of the security landscape which applies to this course.

Similar courses

Here are nine courses similar to Secure Software Development: Requirements, Design, and Reuse.
Secure Software Development: Verification and More...
Most relevant
Secure Software Development: Implementation
Most relevant
Securing Your Software Supply Chain with Sigstore
Most relevant
Securing Your GitHub Project
Most relevant
Home Networking Basics
Most relevant
Software Development Security for CISSP®
Designing Robust Information System Security Architectures
Secure Software Implementation for CSSLP®
PHP 8 Web Application Security
© 2016 - 2024 OpenCourser