{"id":4476,"date":"2024-07-16T16:54:25","date_gmt":"2024-07-16T21:54:25","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/the-linux-foundation-and-openssf-release-report-on-the-state-of-education-in-secure-software-development"},"modified":"2024-07-16T16:54:25","modified_gmt":"2024-07-16T21:54:25","slug":"the-linux-foundation-and-openssf-release-report-on-the-state-of-education-in-secure-software-development","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/16\/the-linux-foundation-and-openssf-release-report-on-the-state-of-education-in-secure-software-development\/","title":{"rendered":"The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

PRSS RELEASE<\/span><\/span><\/p>\n

WASHINGTON, July 16, 2024 (GLOBE NEWSWIRE) —<\/span><\/span> <\/span>Linux Foundation Research<\/a><\/span> and the <\/span>Open Source Security Foundation<\/a><\/span> (OpenSSF) are pleased to release a new report titled <\/span>“<\/span><\/span>Secure Software Development Education 2024 Survey: Understanding Current Needs.<\/a><\/span>\u201d<\/span><\/span> Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development and underscores the urgent need for formalized industry education and training programs. <\/span><\/p>\n

Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment \u2014 system operations, software developers, committers, and maintainers \u2014 self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company\u2019s applications and systems.<\/span><\/p>\n

\u201cTime and again we\u2019ve seen the exploitation of software vulnerabilities lead to catastrophic consequences, highlighting the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code,\u201d said David A. Wheeler, director of open source supply chain security for the Linux Foundation. \u201cOur research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority.\u201d OpenSSF offers a free course on <\/span>developing secure software (LFD121)<\/a><\/span> and encourages developers to start with this course.<\/span><\/p>\n

Survey results indicate that the lack of security awareness is likely due to most current educational programs prioritizing functionality and efficiency while often neglecting essential security training. Additionally, most professionals (69%) rely on on-the-job experience as a main learning resource, yet it takes at least five years of such experience to achieve a minimum level of security familiarity.<\/span><\/p>\n

Other key findings of the survey include the following:<\/span><\/p>\n

\n