Closed david-a-wheeler closed 1 week ago
I Love the idea, great initially and equally interested in checking out the course
@david-a-wheeler shared a time-sensitive request today, looking for someone to volunteer to create two practice labs with a single simple example for each topic:
The goal is to have this finished within the next week or two; please raise your hand here if you're interested in contributing!
I and @SophiaUgo would both love to work on this sir
@Josetic224 @SophiaUgo - THANK YOU. You're awesome!
I suggest first trying out this lab as an example: https://best.openssf.org/labs/input1.html
The idea is that you'd make copy of our template and edit that copy to create the lab. Here is documentation on creating a lab.
For the moment, I'm going to assume you're working on both of these labs, so here's source material:
Here's the course's material on cross-site scripting (XSS), which the lab will hopefully support: https://github.com/ossf/secure-sw-dev-fundamentals/blob/main/secure_software_development_fundamentals.md#countering-cross-site-scripting-xss
Here's the course material on hard-coded/default credentials: https://github.com/ossf/secure-sw-dev-fundamentals/blob/main/secure_software_development_fundamentals.md#avoid-default--hardcoded-credentials
We assume learners know how to program, but we can't assume they know any particular programming language. So we get them started, and we also implement a "hint" button that can help them understand what to do in the language being used. I'm happy to help you if you get stuck.
For context: The list of labs we'd like to do someday, along with existing working labs & instructions for creating a lab, are all here: https://best.openssf.org/labs/
You can also contact me via email if you wish, dwheeler (AT) linuxfoundation (DOT) org. I won't be able to respond Aug 29-30, but otherwise I'll be happy to help.
Alright David we will keep in touch.
@david-a-wheeler Thank you very Much
@SophiaUgo @Josetic224 - any news? I want to wrap up these labs! I'm happy to answer questions if you like.
Hi, I'm so grateful for your willingness to create labs! However, I haven't heard anything, it's been over a month, and I sent a reminder 3 weeks ago.
I plan to drop these assignments tomorrow morning 2024-10-04 unless I hear something, so that others can work on them. If you are working on them, please reply & post your lab(s) soon at https://github.com/ossf/wg-best-practices-os-developers/pulls. I do appreciate your willingness to work on these, but if other things have come up, I understand. I'd like to just release them so others can work on them, with no hard feelings.
Thank you so much!
Description: Create more hands-on labs for the free "Developing Secure Software" (LFD121) course
Impact: This will significantly help software developers learn how to develop secure software. 53% of software developers have never taken a course in how to develop secure software, and the percentage is much higher for new developers. The LFD121 course is highly rated by those who've taken it, but a common issue they raise is the need for hands-on labs so they can practice applying the ideas. This proposal helps resolve this.
Scope: Each lab takes less than 1 day to create. Any lab would be an improvement. We have 21 unassigned labs. There are 10 that are assigned but not done, and in a few cases I fear the assignee won't complete them (say 2-3 more). So the range of work is 1-24 labs, each < 1 day of work. The list of labs, current assignees, and instructions are here: https://best.openssf.org/labs/ Anyone interested should contact David A. Wheeler, dwheeler @ linuxfoundation DOT org.