1. https://appdevelopermagazine.com/open-source
  2. https://appdevelopermagazine.com/secure-software-development-education-report-from-the-linux-foundation/
8/7/2024 7:15:04 AM
Secure software development education report from the Linux Foundation
Secure software development,Education,Report,Survey,2024, Linux Foundation,OpenSSF
https://news-cdn.moonbeam.co/Secure-software-development-education-report-from-the-Linux-Foundation-App-Developer-Magazine_akgcy7s3.jpg
App Developer Magazine
Secure software development education report from the Linux Foundation

Open Source

Secure software development education report from the Linux Foundation


Wednesday, August 7, 2024

Richard Harris Richard Harris

The Linux Foundation Research and OpenSSF have released its 2024 secure software development education report, revealing that nearly one-third of industry professionals are not familiar with secure software development practices. Findings also showed a critical need for enhanced education and training, as many developers lack essential security knowledge, jeopardizing software integrity.

Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores the urgent need for formalized industry education and training programs.

The Linux Foundation and OpenSSF release secure software development education report

Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment - system operations, software developers, committers, and maintainers - self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company’s applications and systems.

"Time and again we’ve seen the exploitation of software vulnerabilities lead to catastrophic consequences, highlighting the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code. Our research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority," said David A. Wheeler, director of open-source supply chain security for the Linux Foundation. OpenSSF offers a free course on developing secure software (LFD121) and encourages developers to start with this course.

Survey results indicate that the lack of security awareness is likely due to most current educational programs prioritizing functionality and efficiency while often neglecting essential security training. Additionally, most professionals (69%) rely on on-the-job experience as a main learning resource, yet it takes at least five years of such experience to achieve a minimum level of security familiarity.

Other key findings of the survey include the following

Other key findings of the survey include the following:

  • Lack of time (58%) and lack of awareness and training (50%) are the top two most common challenges in implementing secure software development practices within organizations.
  • The top reason (44%) for not taking a course on secure software development is lack of knowledge about a good course on the topic.
  • Self-directed learning methods were most prevalent, with 74% of respondents reporting using such resources as online tutorials, videos, and books as their main learning method.
  • Emerging security concerns such as AI (57%) and supply chain (56%) are seen as critical future areas for innovation and attention.
     

"The first step in addressing secure software development is recognizing the existing knowledge gap and identifying priority areas for creating additional training. Based on these findings, OpenSSF will create a new course on security architecture which will be available later this year which will help promote a ’security by design’ approach to software developer education," said Christopher “CRob” Robinson, Intel, co-chair of the OpenSSF Education Special Interest Group (SIG) and chair of the OpenSSF Technical Advisory Council (TAC).

Percentage of respondents not familiar with secure software development

Percentage of respondents not familiar with secure software development

Primary learning resources for secure software development

Primary learning resources for secure software development


Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here



Featured Stories


An error occurred on the server when processing the URL. Please contact the system administrator.

If you are the system administrator please click here to find out more about this error.