New training courses will help DevOps professionals learn how to develop secure software and keep the open source ecosystem secure.
Open Source Security Foundation (OpenSSF), hosted at the Linux Foundation, announced on Thursday that it is offering free training for developing secure software as well as adding a new certification and providing program and technical initiatives.
OpenSSF is a cross-industry collaboration to secure the open source ecosystem. Open source software is available across all industries and making sure it is secure is more important than ever before.
SEE: Linux commands for user management (TechRepublic Premium)
Three courses available on how to develop secure software
There are three free courses created by Open SSF on how to develop secure software on the non-profit edX learning platform. The courses will teach DevOps professionals how to develop secure software while reducing damage and increasing response speed when a vulnerability is found.
There is a professional certificate program as part of the OpenSSF training. This program, Secure Software Development Fundamentals, is $537.30 and shows that the material has been mastered. It’s open to the public for enrollment now, and the tests and course content will be available on Nov. 5.
“The OpenSSF has already demonstrated incredible momentum which underscores the increasing priorities placed on open source security,” said Mike Dolan, senior vice president and general manager of projects at The Linux Foundation, in a press release. “We’re excited to offer the Secure Software Development Fundamentals professional certificate program to support an informed talent pool about open source security best practices.”
New industry members of OpenSSF
There have been sixteen new contributors to join OpenSSF since earlier this year: Arduino; AuriStor; Canonical; Debricked; Facebook; Huawei Technologies; iExec Blockchain Tech; Laboratory for Innovation Science at Harvard (LISH); Open Source Technology Improvement Fund; Polyverse Corporation; Renesas; Samsung; Spectral; SUSE; Tencent; Uber; and WhiteSource.
Jeffrey Altman, founder and CEO or AuriStor, said, “One of the strengths of the open protocols and open source software ecosystems is the extensive reuse of code and APIs which expands the spread of security vulnerabilities across software product boundaries. Tracking the impacted downstream software projects is a time-consuming and expensive process often reaching into the tens of thousands of US dollars. In Pixar’s Ratatouille, Auguste Gusteau was famous for his belief that ‘anyone can cook.’ The same is true for software: “anyone can code” but the vast majority of software developers have neither the resources or incentives to prioritize security-first development practices nor to trace and notify impact downstream projects. AuriStor joins the OSSF to voice the importance of providing resources to the independent developers responsible for so many critical software components.”
Peixin Hou, chief expert on Open System and Software, Huawei, “With open source software becoming a crucial foundation in today’s world, how to ensure its security is the responsibility of every stakeholder. We believe the establishment of the Open Source Security Foundation will drive common understanding and best practices on the security of the open source supply chain and will benefit the whole industry.”