Did you know that a data breach in the U.S. costs $9.44 million on average per incident? And that 43% of all breaches linked to software vulnerabilities are due to poor software development practices? How can we do better? #security #opensource Read the latest report from Linux Foundation Research and OpenSSF: https://intel.ly/4cJw7wU
Open.Intel’s Post
-
Program Manager | Community Architect | Building Engaging Communities for Growth & Impact | Public Speaker | Tech Writer | Open Source and DEI Advocate
Check out the Secure Software Development Education 2024 Survey, conducted in partnership between OpenSSF and The Linux Foundation research. Key findings from the report indicate that an important minority of developers are not familiar with secure software development, and many identified a lack of training or a lack of awareness around the courses available. Read the full report here: https://lnkd.in/dK4nUP88 #OSSSecurity #Cybersecurity #OpenSSF #LinuxFoundation
Secure Software Development Education 2024 Survey
linuxfoundation.org
-
Ph.D Researcher | Research Scientist | Part-Time Lecturer | TinyML Engineer | Author | Editor | Reviewer | IEEE Student Member | Cloud Solution Architect | Microsoft Learn Student Ambassador
I'm thrilled to share that I've successfully completed the "Developing Secure Software (LFD121)" course offered by The Linux Foundation. This course has been an eye-opening experience, equipping me with the vital skills needed to create software that's not just functional, but fortified against potential threats. From delving into system security requirements to mastering secure design principles, this course provided a comprehensive understanding of the fundamentals. The insights gained into secure software selection and reuse further enhance my ability to craft dependable software solutions. As we navigate an increasingly digital world, software security takes center stage. The knowledge I've gained from this course empowers me to contribute to safer digital environments through code that stands strong against vulnerabilities. A heartfelt thank you to The Linux Foundation for providing such a robust and insightful learning experience. This certificate marks not just the completion of a course, but a commitment to writing code that prioritizes security without compromise. If you're interested in discussing secure software development, coding best practices, or anything related to the Linux ecosystem, feel free to connect! Let's keep learning and growing together. #DevelopingSecureSoftware #LinuxLearner #CyberSafety #ContinuousLearning #SoftwareDevelopment #LinuxFoundation #SoftwareSecurity #LFD121
-
A study by the Linux Foundation and the Open Source Security Foundation found that 7 in 10 professionals rely on on-the-job training to learn how to incorporate #security into their development practices. However, it usually takes five years of working experience to achieve minimal knowledge of the subject, according to the report. Software development professionals cited a lack of time and #insufficientawareness and training as their most common challenges. Why not let us help before #litigation and #fines are the result! https://lnkd.in/dPM5Cetj
Nearly 1 in 3 software development professionals unaware of secure practices
cybersecuritydive.com
-
💡 Did you know that The Linux Foundation offers a lot of curated tech classes? Along with other industry leaders we at Intel Corporation are happy to contribute to it ensuring the best quality and relevance. 💸 Ok, what if I tell you that some of them are FREE OF CHARGE? For example, check out and share among engineers this Developing Secure Software (LFD121) class. https://lnkd.in/eE5yBm2j #iamintel #security #free #opensource
Developing Secure Software (LFD121) | Linux Foundation Training
https://training.linuxfoundation.org
-
I am happy to share that I have completed the course and professional certificate program, i.e. LFD121: Developing Secure Software from Linux Foundation. Verify: https://lnkd.in/gNPrhCJg
And here I would like to share my experience about this course and final exam:
-> This is a course where there is something for every kind of Software/Application Security Professional:
-> For a Security Beginner who wants to start/get into a career in Secure Development Lifecycle, this course is excellent as it covers all the basics and major to minor topics with some real-time examples (not PoCs).
-> For Intermediate level Security Professionals, there are a lot of good references for further research and in-depth knowledge gain.
-> For Security Experts, this course provides a good amount of information and references on advanced security areas like:
   -> Quantum Cryptography
   -> AI/ML Security, Tools and Countermeasures
   -> Feedback Based Application Security Testing
   -> Formal Methods and their Application using TLA+
All in all, it's worth investing your time in this course.
-
The XZ Utils Backdoor: A Critical Supply Chain Attack

On March 29th, 2024, the open-source community was jolted by the discovery of a malicious backdoor in xz-utils, a widely used data compression utility in Linux and Unix-like systems. Here’s what we know:

1. Ubiquity of XZ Utils:
   - XZ Utils is nearly ubiquitous in Linux, providing lossless data compression on virtually all Unix-like operating systems.
   - It supports the legacy .lzma format, making it a crucial component for compressing and decompressing data.
2. The Backdoor Uncovered:
   - A Microsoft developer, Andres Freund, stumbled upon performance issues in a Debian system related to SSH logins.
   - Through sheer luck and careful observation, Freund discovered that the problems were caused by updates to xz Utils.
   - These updates were intentionally planted and contained a backdoor.
3. Sophistication and Near Success:
   - The complexity of the social engineering and inner workings of the backdoor is staggering.
   - The malicious code was added to xz Utils versions 5.6.0 and 5.6.1.
   - When performing operations related to lzma compression or decompression, the backdoor allowed for malicious code execution with root privileges.
   - Researchers believe that the project behind this backdoor spent years refining it and came frighteningly close to merging it into Debian and Red Hat, the two major Linux distributions.
4. Supply Chain Nightmare:
   - Software and cryptography engineer Filippo Valsorda described it as “the best executed supply chain attack we’ve seen described in the open.”
   - The reach of this backdoor would have dwarfed the SolarWinds event from 2020.
5. Mitigation and Vigilance:
   - The open-source community must remain vigilant and conduct thorough security reviews.
   - Mitigate by ensuring you’re not using affected versions and consider alternative compression tools.

For more in-depth information, you can read the original articles on...
   - Ars Technica: https://lnkd.in/dv8_yjsx
   - SecurityWeek: https://lnkd.in/di2C9PW4
   - Geeky Gadgets: https://lnkd.in/dhPrKvRf

Stay informed and stay secure! 🛡️
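Added example (not part of the post above, and not code from the xz project): a shell check for the two xz Utils releases the post names, 5.6.0 and 5.6.1, run over a package inventory. The function names, host names and version strings are constructed for illustration; the check also handles Debian-style `+really` version strings, where the code actually packaged is the version after `+really`.

```shell
#!/bin/sh
# Added example: flag the xz Utils releases named in the post (5.6.0, 5.6.1).
# Function names, host names and inventory lines are constructed.

# is_affected VERSION: exit status 0 if the upstream version is 5.6.0 or 5.6.1.
is_affected() {
    v=$1
    # Debian-style "X+reallyY": the code actually shipped is Y, not X.
    case $v in
        *+really*) v=${v#*+really} ;;
    esac
    v=${v#*:}       # drop a package epoch such as "1:"
    v=${v%%-*}      # drop the distribution revision ("-1", "-0.2")
    v=${v%%[+~]*}   # drop any remaining "+..." or "~..." suffix
    case $v in
        5.6.0|5.6.1) return 0 ;;   # exact match, so 5.6.10 is not flagged
        *) return 1 ;;
    esac
}

# scan_inventory: read "host version" lines on stdin, print affected hosts.
scan_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if is_affected "$ver"; then
            echo "$host"
        fi
    done
}

# Constructed inventory, e.g. collected from each host's package manager.
sample_inventory() {
    cat <<'EOF'
build-01 5.6.1-1
web-02 5.4.5-0.3
ci-03 5.6.1+really5.4.5-1
dev-04 5.6.0
lab-05 5.6.10-2
EOF
}

sample_inventory | scan_inventory
```

A plain substring search for `5.6.1` would wrongly flag `ci-03` and `lab-05`, which is why the version is normalised and matched exactly.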