Today’s issue of CompTIA SmartBrief featured an article from the Wall Street Journal that I found rather interesting: it reports the story of how Adobe has been prone to too many cybersecurity attacks and what they have done, internally, to prevent that: they have invested on education. Starting from the consideration that secure software begins with secure coding, they have developed a portfolio of short training modules aimed at making programmers aware of how security bugs find their way in programs, and how to avoid them. Results have followed and now they have decided to share this experience, and the training modules they had developed, with the world.
These training modules are being share for free through SAFECode, a non-profit organization that features Adobe itself, Microsoft, Siemens, Intel and other major players in the IT industry among the founders. As the name suggest, SAFECode is about software and security, as their mission states:
SAFECode is dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. To this end, SAFECode unites subject matter experts with unparalleled experience in managing complex global processes for software development, integrity controls and supply chain security. The trusted exchange of insights about proven methods and real world experiences provides SAFECode members a unique opportunity to share collective perspectives and practices that can enhance the greater cyber ecosystem.
If you check SAFECode’s homepage right now (as of may 2013), you can find the link to their training section, which is what I really got interested in. While not being a true MOOC as MOOCs go, in that you don’t have a subscription and scores and several weeks of lectures, yet there is a quite comprehensive catalogue of short video courses, each around 20-30 minutes. So far the list includes:
- CSRF 101: Cross Site Request Forgery for Everyone
- Auth 101: A Passwords Backgrounder for Everyone
- DOH: Default, Obscure and Hidden Content for Everyone
- An Introduction to Windows Access Controls
- File Permissions 101: Linux and OS X
- Injections 101: SQL and Beyond
The Injections 101 module is the one I’m most interested in: I plan on taking it – it’s just and half an hour module – and on sharing my thoughts with you afterwards. In any case, I think that these courses somehow stand out of the rest of the MOOCs you can find out there: while IT MOOCs are usually aimed at training on a general level, like teaching you how to program or to learn a new skill, these SAFECode modules address some very specific need, things that even very skilled programmers often learn ony after years of experience, if ever. In a sense, these are really advanced topics, but ones that should be included in the education of any programmer from the very beginning.