wg-best-practices-os-developers icon indicating copy to clipboard operation
wg-best-practices-os-developers copied to clipboard

Published 20 hours ago verified publisher icon ossf

[SOSS TASK FORCE] - Create security Skills for Developers

Open SecurityCRob opened this issue 2 years ago • 2 comments

Create a “Security Skills for Developers” document that lists key skills job applicants should have, along with ways to acquire those skills/credentials, and evangelize to academia and to developers

SecurityCRob avatar Oct 12 '23 20:10 SecurityCRob

You might find my brief introduction slides helpful: A Brief Introduction to Developing Secure Software

Basically, turn some of those points into criteria.

For example, the implementation slide notes:

  • Most vulnerabilities are common mistakes
  • Learn what they are & how to avoid them
  • Two helpful lists: OWASP Top 10 (for web apps); CWE Top 25

That could be turned in to:

Developer must know the most common types of mistakes that lead to vulnerabilities, along with how to avoid them. This at least includes those identified in the OWASP Top 10 and the CWE top 25.

david-a-wheeler avatar Oct 16 '23 15:10 david-a-wheeler

Found these REALLY interesting interview questions for security engineers and security architects. Not completely targeted at devs, but there is some good stuff we can borrow in here: https://github.com/tadwhitaker/Security_Architect_and_Principal_Security_Engineer_Interview_Questions & https://github.com/tadwhitaker/Security_Engineer_Interview_Questions

SecurityCRob avatar Dec 01 '23 14:12 SecurityCRob