A new report from OpenSSF and the Linux Foundation indicates that many IT professionals are not familiar with secure software development concepts and practices.

According to the Secure Software Development Education 2024 Survey, professionals in the following key roles reported being unfamiliar with secure software development:

• System operations (39%)
• Open source program office (OSPO) members (38%)
• Software developers (27%)
• Open source maintainers (23%)
• Security team members (16%)

The lack of familiarity in system operations and OSPO members is concerning, the report says, “as these roles are critical in managing and maintaining software infrastructure and open source initiatives, both of which are fundamental to a company’s overall security posture.”

Other findings from the report provide insight as to the importance of secure software development training and how tech professionals can acquire it. For example:

• 50% of professionals identify a lack of training as a major challenge for implementing secure software development, increasing to 73% among data science roles.
• 69% rely on on-the-job experience as a learning resource for secure software development, but it can take more than 5 years of such experience to achieve familiarity.
• 53% of professionals, especially those in system operations (72%), have not taken a course on secure software development, often due to the lack of awareness about good courses (44%).

The OpenSSF itself offers training courses — including Secure Software Development Fundamentals – and part of the motivation behind this survey was to identify topics for future courses. As a result of these findings, the OpenSSF says they will focus on developing a new security architecture course.

Read the complete report at the Linux Foundation.