In a move aimed at addressing the gaps in security engineering knowledge among software engineers, the Software Assurance Forum for Excellence in Code (SAFECode) has introduced a set of free online security engineering training courses.
Delivered via on-demand Web casts, the training will cover topics such as preventing SQL injection and avoiding cross-site request forgery. Described by the organisation as a community platform, the courses are meant to be used as building blocks for users who want to offer in-house training for their product development teams, and by individual users wishing to improve their skills.
These first courses, introduced on Tuesday at the Microsoft Security Development Conference in San Francisco, are based on training materials given to SAFECode by Adobe after successful use in its software security program, and cover introductory-level topics.
Additional courses are already in the review process and will be added to the site on an ongoing basis. SAFECode says its goal is to create a diverse catalogue of security engineering training courses for all levels of proficiency as a community resource. Other resources to be added to the site in months to come include training programme implementation.
Ultimately, says SAFECode, the aim is to create an 'accessible and practical industry resource to support and promote software security training'.
"Ensuring that everyone touching the product development life cycle has the knowledge they need to support an organisation's software security process is a fundamental challenge for any organisation committed to software security success. While SAFECode's analysis has shown that security training is most effective when aligned to an organisation's unique culture and security development process, we recognise that not every organisation has the resources required to develop custom training," said Howard Schmidt, executive director of SAFECode.
Schmidt added that a lack of security engineering awareness and education among the software engineering workforce has proven a 'significant obstacle' to companies trying to implement software security programs. He said that although the free training courses are not a replacement for a formal security engineering education at university level, it is the organisation's hope that the training is a step forward in addressing the knowledge gap.
Share