OpenSSF Expands Secure Development Course with Interactive Labs
October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

The course now features interactive learning scenarios to better equip developers to build software that resists modern cyberattacks.

While threats continue to evolve, secure software starts with fundamental design principles. However, OpenSSF research shows that most practitioners (69%) learn on the job and 53% have not taken courses on developing secure software. LFD121 provides developers with a simple, self-directed opportunity to learn the basics of secure software development—now with interactive labs, quizzes, and other hands-on activities to boost engagement and knowledge retention.

“OpenSSF recognizes the need for security education. Developing software to counter today’s attackers requires that software developers know how to counter them. We are constantly improving to provide broad access and better education opportunities for software developers,” said David A. Wheeler, director, open source supply chain security at OpenSSF. “We’ve created multiple labs where developers can experiment with practical techniques that counter common attacks. The labs include helpful hints to make it easy for practitioners to learn quickly and effectively.”

Secure Software Development Course Components

Since its inception, more than 25,000 individuals have enrolled in this course material: over 18,000 in LFD121, over 6,000 in LFD104x (the first section of its equivalent on edX), and over 1,000 in its Japanese translations. The virtual course is available for free on the Linux Foundation Education platform. Developers who complete the 14-18 hour course and pass the final exam will earn a certificate of completion, valid for two years. The course includes the following components:

- Part I, Requirements, Design, and Reuse: Introduces the basics of secure software development including how to implement secure design principles and how to secure your software supply chain by picking the right components and dependencies.

- Part II, Implementation: Focuses on implementation and practical steps to improve security so that developers can counter the most common kinds of attacks.

- Part III, Verification and More Specialized Topics: Discusses security testing, including static and dynamic analysis, and how to apply these tools in CI/CD pipelines. It also discusses more specialized topics, such as threat modeling, fielding, and formal methods to justify that software is secure.

The easy-to-access interactive labs are optional but recommended for an enhanced education experience. No special software is required; labs launch directly in users’ web browsers, enabling an immediate hands-on experience. Once initiated, a lab provides background and information on the specific task, then asks the user to complete the task and reports when it has been solved. Users who get stuck can ask for a context-specific hint on how to complete the lab. These hints help users quickly move to mastery of a concept, even in programming languages they are less familiar with.

Course content is also freely available on GitHub under a Creative Commons Attribution License (CC-BY) version 4.0. Accredited Educational Institutions and OpenSSF Premier members are eligible to host this security training course on their Learning Management System (LMS) for unlimited, complimentary access for students and employees. For LMS integration details, interested parties can complete a request form.
