As long as it is not intended for commercial use, SAFECode is happy to have others to host the material. Our goal is to make these courses as widely available as possible so they may serve the community. Please contact us for more details.
Yes, any organization may take the content from the SAFECode courses and customize it to their environment. In fact, doing so is encouraged. Please just abide by our creative commons license agreement (http://creativecommons.org/licenses/by-nc/3.0/deed.en_GB). You’ll see the only restriction is that the content cannot be used for commercial purposes. SAFECode members do have access to the source materials for these courses, which does provide an opportunity for easier customization.
First, check your Internet connection. If you continue to have problems, please contact us and let us know.
SAFECode will be adding new courses to the site on an ongoing basis. Our goal is to create a diverse catalog of security engineering training courses for all expertise levels as a community resource. If you have suggestions on future topics to address, please let us know. We would love to hear from you.
No, registration is not required to view the courses. However, registered users receive a number of benefits, including the ability to download course for offline viewing [to download the courses, please contact [email protected]]. Finally, registered users will receive email updates when new courses become available.
No, the use of all SAFECode training courses is free to the public. All courses are published under a Creative Commons license and open, non-commercial usage of the content is encouraged.
No, this program should be seen as a supplement to, and not a replacement for, formal education. In fact, SAFECode is a strong advocate for security engineering education at the college and university level and hopes that as software assurance programs advance, a more standardized curriculum can be developed for both full-time programs and ongoing continuing education. However, corporations cannot wait for these developments to occur before integrating secure development principles into their development lifecycles and it is our experience that this knowledge gap can be addressed through corporate training initiatives.
SAFECode recommends that product security managers use the training materials in the context of a broader software security process. We frequently publish guidance to help support that development and maturation of such a process, including its flagship work, Fundamental Practices for Secure Software Development. It has also published a framework for setting up a corporate security engineering training program.
SAFECode intends to add additional courses and resources to the site, including training program implementation advice based on the real-world experiences of our members, with the goal of creating an accessible and practical industry resource to support and promote software security training.
These courses are based on the software security curriculum being successfully used within SAFECode’s member companies; in other words, the content has been road-tested. The courses available now are based on training modules being used within Adobe, and benefit from additional review and supplementing by a team of technical contributors from across the SAFECode membership to ensure their broad applicability. While keeping programs up-to-date is always a challenge, especially with a free public service, we hope that the community will alert us to issues and new updates. This is a key reason why the site was designed to encourage comments on the courses from users.
While the courses will be helpful for individuals looking to improve their skills, SAFECode’s primary focus is on assisting product security managers in finding materials useful for developing and supporting an in-house training program. SAFECode has also published a framework for developing a corporate security engineering training program to further assist in the training program development process.
The collective experience of SAFECode’s member companies has shown that software security is most successful when it is treated as a process that reflects an individual companies culture and unique development needs. Supporting this process through software security training is essential. In fact, the lack of security engineering awareness and education among the software engineering workforce can be a significant obstacle to organizations working to implement software security programs.
Though our analysis has shown that security training is most effective when aligned to an organization’s unique culture and security development process, we recognize that not every organization has the resources required to develop custom training. We hope that this program can help other organizations overcome this challenge and provide them with the tools they need to create a training program that works for their environment.
Security engineering training by SAFECode is an online community resource offering free software security training courses delivered via on-demand webcasts.
Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills. All courses are free and published under a Creative Commons license and open, non-commercial usage of the content is encouraged.