ossf / secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
Creative Commons Attribution 4.0 International

Split SQL injection unit #150

Closed david-a-wheeler closed 6 months ago

david-a-wheeler commented 6 months ago

We've received many positive comments on the course. However, one note we've had from learner feedback, OpenSSF Governing Board / TAC interviews, and persona analysis, is that the units need to be "bite-sized" (not too big). I believe the point is that a few units are larger than they should be and should be broken apart.

I did a word count on each unit of content, and one unit stood out: the "SQL Injection" unit. This unit was 3,540 words (using a tool that strips out HTML & punctuation to do word counts). It's the only unit above 3,000 words. That unit is about 1/3 larger than the second-largest unit (2,683 for "Countering Out-of-Bounds Reads and Writes (Buffer Overflow)"), and far larger than the median of 870 words per unit. This unit had internal subdivisions, but internal subdivisions don't seem to be enough.

This commit splits the SQL Injection unit into 3 units, and adds quizzes for each. The largest revised unit ("SQL Injection") is only 1,904 words, 54% of its original size.

FYI, the next-largest units (by word count) are the following (these are the only ones over 2,000 words):

This was computed using a simple word-counting tool I wrote.