Historically, traditional software engineering coursework has paid little attention to highlighting and teaching the importance of good cyber security hygiene and secure coding techniques. Compounding the lack of trained developers is the ever-growing shortage of trained cyber security professionals who can assist developers as they create, test, and release their code. In recent years, many reports and efforts have showcased the importance of not only upskilling existing practitioners, but also developing a new generation of engineers who will help ensure good development and cyber-hygiene practices are the norm within the industry.
The OpenSSF proposes the following multi-pronged approach to addressing this issue: collect and curate content; expand training; and reward and incentivize developers. As existing content is collected and reviewed, and new content is created, the OpenSSF will distribute these materials through three main channels, each focused on different styles and methods of learning:
Training and education must be tailored to different levels, backgrounds, and career paths for learners to maximize the effectiveness and reach of these materials. It is also important to ensure this education is available to any community or group that desires it, and that students that have applied themselves and learned these new skills also have means to showcase this and gain recognition for their achievements. Learners should have methods to receive credentials, awards, and means to further their careers and highlight to prospective employers that they have demonstrated their expertise in secure development and open source security techniques.
The OpenSSF's Education SIG (EDU.SIG) proposes the following plan to address these education and training needs. The plan will be achieved through a combination of expert volunteers, OpenSSF member-donated content, and strategically hiring individuals dedicated to helping drive the plan forward and ensuring proper alignment and engagement with our desired target communities around the globe. As noted above, the plan is written in three parts to organize the work into three focused, yet inter-related, sections:
- 1.0 Collect & Curate Content focuses on identifying high-quality available content that already exists and helping identify gaps in desired educational materials.
- 2.0 Expand Training takes the data collected from Section 1 and crafts new materials across the "Three Legged Education Stool" to ensure all types of learners have access to materials that they can relate to and learn from.
- 3.0 Reward and Incentivize Developers and Maintainers seeks to promote methods to showcase developers and learners who have taken the coursework and demonstrated their skills, to improve their eminence and status within the community and with employers.