One of the common challenges we hear from customers regarding their software security assurance programs is developer education. Sure, there are many great tools out there that can help with security, but when it comes down to it, if you’re going to truly build a culture of secure software (and not just audit your system now and then), your development team needs to be well versed on key security concepts, defensive coding principles, common attack vectors, not to mention the ins and outs of specific coding vulnerabilities like buffer overflows.
Well, we agree. That’s why we’ve partnered with our friends at Security Innovation to make some of their developer eLearning courses available for free on the new, revamped Klocwork Secure Coding Learning Center. I encourage you to check out the Secure Coding for C/C++ course – it’s approx 60 minutes in length, features interactive material, and is a great introductory course into many of the key concepts required to build secure software. We also have a course on Microsoft’s Secure SDL and the OWASP Top 10, a brand new Memory Flaws Boot Camp, a myriad of courses based around CWE identified vulnerabilities and many new courses are on their way. Check it out!