[HN Gopher] Security Engineering Course ___________________________________________________________________ Security Engineering Course Author : etiam Score : 96 points Date : 2022-01-19 15:43 UTC (7 hours ago) (HTM) web link (www.lightbluetouchpaper.org) (TXT) w3m dump (www.lightbluetouchpaper.org) | dwheeler wrote: | If you're interested in learning how to develop secure software, | I recommend checking out the free set of 3 courses from the Open | Source Security Foundation (OpenSSF) on "Secure Software | Development Fundamentals": https://openssf.org/training/courses/ | | They're hosted on edX. Like many edX courses, if you want to | prove you learned the material you can pay to try to pass various | tests and get a certificate, but you do _not_ need to pay if you | just want to learn the material. | | Full disclosure: I'm the author. But hopefully you'll like it | anyway :-). | CodeGlitch wrote: | Interesting...not heard of the openssf (I see they were only | formed in 2020?). | | Regarding secure software development, I've not seen many certs | / exams covering the topic, so it's good you've developed those | 3 courses. The only other cert I've seen is the CSSLP by | (ISC)2: | | https://www.isc2.org/Certifications/CSSLP | | Can you comment on how they compare? | iammjm wrote: | Is this book still relevant considering that it has been written | in 2001 and updated in 2008? | Saanti wrote: | 3rd edition is 2020 | BayesianDice wrote: | Thanks, I'd found the first edition a really good book when I | was early in my security career many years ago, I shall have | to check the 2020 edition! | philprx wrote: | Yes it is, very good book because it goes from the fundamentals | to elaborate examples. | | Now if you really want to be in research and current | attack/defense then you need to do your homework. | | But all the foundations in this book will help you have a | comprehensive picture of the landscape you're playing in. | badrabbit wrote: | This is one of those things. I do security engineering but it has | little to do with building systems or software. In this case what | they mean is "engineering securely" but a security engineer in a | security team will be engineering various security tools and | content (endpoint security tools/content, threat intel | platforms,SIEM,etc...) so literally engineering security | controls. Not that I mind but the ambiguity might cause | confusion. ___________________________________________________________________ (page generated 2022-01-19 23:00 UTC)