{"id":55928,"date":"2024-10-29T10:32:44","date_gmt":"2024-10-29T14:32:44","guid":{"rendered":"https:\/\/sdtimes.com\/?p=55928"},"modified":"2024-10-29T10:32:44","modified_gmt":"2024-10-29T14:32:44","slug":"openssf-updates-its-developing-secure-software-course-with-new-interactive-labs","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/","title":{"rendered":"OpenSSF updates its Developing Secure Software course with new interactive labs"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The Open Source Security Foundation (OpenSSF) is updating its <\/span><a href=\"https:\/\/training.linuxfoundation.org\/training\/developing-secure-software-lfd121\/\"><span style=\"font-weight: 400;\">Developing Secure Software (LFD121)<\/span><\/a><span style=\"font-weight: 400;\"> course with new interactive learning labs that provide developers with more hands-on learning opportunities.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">LFD121 is a <\/span><a href=\"https:\/\/github.com\/ossf\/secure-sw-dev-fundamentals?tab=readme-ov-file\"><span style=\"font-weight: 400;\">free course<\/span><\/a><span style=\"font-weight: 400;\"> offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid for two years.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The course is broken down into three parts. The first part covers the basics of secure software development, like how to implement secure design principles and how to secure the software supply chain. Part two covers implementation of those basics and then part three finishes up with security testing and also covers more specialized topics like threat modeling, fielding, and formal methods for verifying that software is secure.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The new interactive labs are not required for completing the course, but do enhance the experience, OpenSSF explained. The labs launch directly in the web browser, meaning no additional software needs downloading.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Each lab involves working through a specific task, such as <\/span><a href=\"https:\/\/best.openssf.org\/labs\/input1.html\"><span style=\"font-weight: 400;\">validating input of a simple data type<\/span><\/a><span style=\"font-weight: 400;\">. \u201cLearning how to do input validation is important,\u201d said David Wheeler, director of open source supply chain security, at OpenSSF. \u201cAttackers are *continuously* attacking programs, so developers need to learn to validate (check) inputs from potential attackers so that it&#8217;s much harder for attackers to malicious inputs into a program.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Each lab includes a general goal, background on the issue, and information about the specific tasks. Students will work through a pre-written program that has some areas that will need to be filled in by the student.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to Wheeler, the goal of all of the labs isn\u2019t to learn specific technologies, but to learn core concepts about writing secure software. For example, in the input validation lab, the student only needs to fix one line of code, but that line of code is the one that does the validation, and therefore, is critically important.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cIn fact, without the input validation line to be crafted by the user, the code has a vulnerability (specifically a \u2018cross-site scripting vulnerability\u2019),\u201d said Wheeler.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Students can also get help throughout the lab by requesting context-specific hints that take into account where they are stuck. Wheeler explained that the hints help students progress through the labs even if they\u2019re not familiar with the particular programming language used in the lab.\u00a0<\/span><\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>The Open Source Security Foundation (OpenSSF) is updating its Developing Secure Software (LFD121) course with new interactive learning labs that provide developers with more hands-on learning opportunities.\u00a0 LFD121 is a free course offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":752,"featured_media":55929,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[16056,45],"coauthors":[11687],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times<\/title>\n<meta name=\"description\" content=\"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times\" \/>\n<meta property=\"og:description\" content=\"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-29T14:32:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1048\" \/>\n\t<meta property=\"og:image:height\" content=\"597\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jenna Barron\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Barron\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\"},\"author\":{\"name\":\"Jenna Barron\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\"},\"headline\":\"OpenSSF updates its Developing Secure Software course with new interactive labs\",\"datePublished\":\"2024-10-29T14:32:44+00:00\",\"dateModified\":\"2024-10-29T14:32:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\"},\"wordCount\":403,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png\",\"keywords\":[\"OpenSSF\",\"security\"],\"articleSection\":[\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\",\"url\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\",\"name\":\"OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png\",\"datePublished\":\"2024-10-29T14:32:44+00:00\",\"dateModified\":\"2024-10-29T14:32:44+00:00\",\"description\":\"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png\",\"width\":1048,\"height\":597},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenSSF updates its Developing Secure Software course with new interactive labs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\",\"name\":\"Jenna Barron\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"caption\":\"Jenna Barron\"},\"description\":\"Jenna Barron is News Editor of SD Times.\",\"url\":\"https:\/\/sdtimes.com\/author\/jennifer-sargent\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times","description":"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/","og_locale":"en_US","og_type":"article","og_title":"OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times","og_description":"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.","og_url":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2024-10-29T14:32:44+00:00","og_image":[{"width":1048,"height":597,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png","type":"image\/png"}],"author":"Jenna Barron","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jenna Barron","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/"},"author":{"name":"Jenna Barron","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786"},"headline":"OpenSSF updates its Developing Secure Software course with new interactive labs","datePublished":"2024-10-29T14:32:44+00:00","dateModified":"2024-10-29T14:32:44+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/"},"wordCount":403,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png","keywords":["OpenSSF","security"],"articleSection":["Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/","url":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/","name":"OpenSSF updates its Developing Secure Software course with new interactive labs - SD Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png","datePublished":"2024-10-29T14:32:44+00:00","dateModified":"2024-10-29T14:32:44+00:00","description":"OpenSSF is updating its Developing Secure Software (LFD121) course with new interactive learning labs for writing secure software.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/10\/7675fdaf27b5584320a3ca497e57dbd4.png","width":1048,"height":597},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/security\/openssf-updates-its-developing-secure-software-course-with-new-interactive-labs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"OpenSSF updates its Developing Secure Software course with new interactive labs"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786","name":"Jenna Barron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e","url":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","caption":"Jenna Barron"},"description":"Jenna Barron is News Editor of SD Times.","url":"https:\/\/sdtimes.com\/author\/jennifer-sargent\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55928"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/752"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=55928"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55928\/revisions"}],"predecessor-version":[{"id":55930,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55928\/revisions\/55930"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/55929"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=55928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=55928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=55928"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=55928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}