[SOSS TASK FORCE] - Create security Skills for Developers

ossf / wg-best-practices-os-developers

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

https://openssf.org

Apache License 2.0

775 stars 133 forks source link

[SOSS TASK FORCE] - Create security Skills for Developers #257

Open SecurityCRob opened 1 year ago

SecurityCRob commented 1 year ago

Create a “Security Skills for Developers” document that lists key skills job applicants should have, along with ways to acquire those skills/credentials, and evangelize to academia and to developers

david-a-wheeler commented 1 year ago

You might find my brief introduction slides helpful: A Brief Introduction to Developing Secure Software

Basically, turn some of those points into criteria.

For example, the implementation slide notes:

Most vulnerabilities are common mistakes
Learn what they are & how to avoid them
Two helpful lists: OWASP Top 10 (for web apps); CWE Top 25

That could be turned in to:

Developer must know the most common types of mistakes that lead to vulnerabilities, along with how to avoid them. This at least includes those identified in the OWASP Top 10 and the CWE top 25.

SecurityCRob commented 1 year ago

Found these REALLY interesting interview questions for security engineers and security architects. Not completely targeted at devs, but there is some good stuff we can borrow in here: https://github.com/tadwhitaker/Security_Architect_and_Principal_Security_Engineer_Interview_Questions & https://github.com/tadwhitaker/Security_Engineer_Interview_Questions