secure-sw-dev-fundamentals
Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
In "Applying Cryptography" -> "Humility Is Important in Cryptography", you write that: > You should instead have a plan for handling when (not if) your cryptographic algorithms and protocols are...
In the "Minimize Feedback / Information Exposure" section, you write: > If a user tries to create an account using an email address, don't tell the user if an account...
Make it clear that this material applies to embedded software (as well as cloud, server-side apps, client-side apps, mobile apps, etc.), and add any material that might be needed. I...
For more: * https://kerkour.com/sha256-length-extension-attacks * https://news.ycombinator.com/item?id=36058754
The question about resolving the ReDoS requests a change from `^(PATTERN+)*$` to `^PATTERN+$`, but that is not entirely correct. The correct option would be: `^(PATTERN+)$` because it keeps the capture...
Consider making tweaks so we can generate a PDF to be printed as a book. This material was developed to be used online, but some people may prefer to learn...
In the course feedback: https://github.com/ossf/secure-sw-dev-fundamentals/issues/83 there were requests for some video ("1. video"; "multimedia"; "Add some video content just to break up the reading."; "add videos and maybe some hands-on...
The existing OpenSSF fundamentals course has some material on build and distribution security. It'd be useful to expand that using information from SLSA, SSC, and other materials. Completing this would...