'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
Open Source Security Foundation launches a new certification program on edX
If you're a programmer and you've heard it once, you've heard it a thousand times. "Build security into your programs!" That's easy to say, but how, exactly, do you do that? The Linux Foundation's Open Source Security Foundation (OpenSSF) has an answer: A set of three free classes and a certification program to get your security skills up to speed.
Also: Best online learning platforms in 2020
The three free courses on how to develop secure software will be offered on the edX learning platform. These classes are intended for the full range of software developers, including DevOps professionals, software engineers, and web application developers. Indeed, anyone interested in learning how to develop secure software will find these courses useful. Besides teaching you how to develop secure software, they also deal with how to reduce damage when a bug is found. They will also help you learn how to quickly analyze and fix security holes when one is found.
The classes are:
- Secure Software Development: Requirements, Design, and Reuse
- Secure Software Development: Implementation
- Secure Software Development: Verification and More Specialized Topics
The courses focus on practical developer steps you can use to counter the most common kinds of attacks.
Specifically, they dig into common risks and requirements, design principles, and evaluating code (such as packages) for reuse. They also focus on key implementation issues, including input validation, processing data securely, calling out to other programs, sending output, cryptography, error handling, and incident response. This is followed by a discussion on various kinds of verification issues, including security testing and penetration testing, and security tools. The classes conclude with a discussion on deployment and handling vulnerability reports.
The OpenSSF training program includes a Professional Certificate program: Secure Software Development Fundamentals. Enrollment for the courses and certificate is open now. Course content and the Professional Certificate program tests will become available on Nov. 5.
This is an online, self-paced program. The course work was created by the well known David A. Wheeler. The Linux Foundation's Director of Open Source Supply Chain Security. OpenSSF and edX estimates it will take an hour or two a week for five months to master the coursework and be able to pass the certification test. While the classes are free, the certification program currently costs a discounted $537.30.
Mike Dolan, The Linux Foundation's Senior VP and GM of Projects, said: "We're excited to offer the Secure Software Development Fundamentals professional certificate program to support an informed talent pool about open source security best practices." You should be excited, too. As the recent 2020 Open Source Jobs Report showed, demand is higher than ever for open-source and Linux savvy employees and 52% of hiring managers are more likely to hire you if you have appropriate certification.
One final note, the OpenSSF is incorporating the Core Infrastructure Initiative (CII) projects. CII has been working on securing older, popular open-source programs, which were not receiving enough funding. These programs include the CII Census, a quantitative analysis to identify critical OSS projects; CII Best Practices badge project; and the CII FOSS Contributor Survey, a quantitative survey of OSS developers. Both will become part of the OpenSSF Securing Critical Projects working group. These efforts will continue to be implemented by the Laboratory for Innovation Science at Harvard (LISH).