secure-sw-dev-fundamentals: Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
This repository is for managing and sharing the content of the Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG that are available via the Linux Foundation Training & Certification Platform and via edX.
Please select the course you are interested in and take it if you just want to take these courses.
This repository is instead intended for those who want to modify the course material or using its content in special ways.
If you see something in the course that should be changed, please file an issue or (even better) create a pull request.
Please see Secure Software Development Fundamentals content in Markdown format for the main text content of the course (in this repository). The text embeds references to images that are also in this repository. The course as delivered includes some video introductions; those files are very large and so they aren't currently stored in this repository.
There are video introductions, but the videos are in large files. See the repository with the corresponding videos.
This informational content is released under the Creative Commons Attribution License (CC-BY) version 4.0, so you can reuse it in many ways. We want you to use this information! There are some exceptions: we quote some images (such as from xkcd) which are under their own licenses. Also, to counter cheating we do not release certain testing materials this way at all (so they are not in this repository). Note that we update this material, so you should be prepared for updates if you use a significant portion of it.
If you earn a certificate of completion for the course via the Linux Foundation (LF) Training, you can show off the digital credentials (badges) you've earned. Similarly, if you earn a course certificate or program certificate on edX, you can show your edX certificates.
If you want to propose changes to the content, as noted above the preferred mechanism is to file issues for general suggestions and provide pull requests for specific changes, in both cases to this secure-sw-dev-fundamentals project. Changes that are accepted into the Markdown must go through a series of internal steps in coordination with LF Training & Certification so that the changes will be deployed to both the LF Training and edX platforms.
Changes to the markdown must have no errors reported by markdownlint using our configuration. This is checked when a pull request is made. You can do this check locally by installing markdownlint (e.g., brew install markdownlint-cli or npm install -g markdownlint-cli) and running make.
You can see a generated table of contents - rerun make to regenerate it. This generated file is included in the repository itself for convenience of those new to the document.
This content was originally converted from Google docs format using gdocs2md, patched to skip inline drawings. That project unfortunately seems to have stalled. Alternative converters include lmmx/gdocs2md-html and evbacher/gd2md-html (the last one is most recently active).
This course is one of the results of the Open Source Security Foundation (OpenSSF) Best Practices working group (WG).
If you want to report vulnerabilities in this project, please see SECURITY.md.
Our thanks to Flavia Cioanca for her work to convert the text into live courses!