Frequently Asked Questions
What is Security Engineering Training by SAFECode?
Security engineering training by SAFECode is an online community resource offering free software security training courses delivered via on-demand webcasts.
Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills. All courses are free and published under a Creative Commons license and open, non-commercial usage of the content is encouraged.
Why did SAFECode create this program?
The collective experience of SAFECode's member companies has shown that software security is most successful when it is treated as a process that reflects an individual companies culture and unique development needs. Supporting this process through software security training is essential. In fact, the lack of security engineering awareness and education among the software engineering workforce can be a significant obstacle to organizations working to implement software security programs.
Though our analysis has shown that security training is most effective when aligned to an organization's unique culture and security development process, we recognize that not every organization has the resources required to develop custom training. We hope that this program can help other organizations overcome this challenge and provide them with the tools they need to create a training program that works for their environment.
Who is the program aimed at helping?
While the courses will be helpful for individuals looking to improve their skills, SAFECode's primary focus is on assisting product security managers in finding materials useful for developing and supporting an in-house training program. SAFECode has also published a framework for developing a corporate security engineering training program to further assist in the training program development process.
How does SAFECode create content for training courses?
These courses are based on the software security curriculum being successfully used within SAFECode's member companies; in other words, the content has been road-tested. The courses available now are based on training modules being used within Adobe, and benefit from additional review and supplementing by a team of technical contributors from across the SAFECode membership to ensure their broad applicability. While keeping programs up-to-date is always a challenge, especially with a free public service, we hope that the community will alert us to issues and new updates. This is a key reason why the site was designed to encourage comments on the courses from users.
Are there other resources available?
SAFECode recommends that product security managers use the training materials in the context of a broader software security process. We frequently publish guidance to help support that development and maturation of such a process, including its flagship work, Fundamental Practices for Secure Software Development. It has also published a framework for setting up a corporate security engineering training program.
SAFECode intends to add additional courses and resources to the site, including training program implementation advice based on the real-world experiences of our members, with the goal of creating an accessible and practical industry resource to support and promote software security training.
Is this program a replacement for formal security engineering education?
No, this program should be seen as a supplement to, and not a replacement for, formal education. In fact, SAFECode is a strong advocate for security engineering education at the college and university level and hopes that as software assurance programs advance, a more standardized curriculum can be developed for both full-time programs and ongoing continuing education. However, corporations cannot wait for these developments to occur before integrating secure development principles into their development lifecycles and it is our experience that this knowledge gap can be addressed through corporate training initiatives.
Using the Training Courses
Do I have to join SAFECode to use its training courses?
No, the use of all SAFECode training courses is free to the public. All courses are published under a Creative Commons license and open, non-commercial usage of the content is encouraged.
Do I have to register with the site to view the courses?
No, registration is not required to view the courses. However, registered users receive a number of benefits, including the ability to download course for offline viewing. Registration is also required to comment on the courses. We encourage course participants to leave feedback on the courses. Your feedback will be used to help keep the material up-to-date and ensure it best meets the needs of the community it aims to serve. Finally, registered users will receive email updates when new courses become available.
Can I download the courses for offline viewing?
Registered users can download the videos for offline viewing. To register, visit.
Are these the only courses available?
SAFECode will be adding new courses to the site on an ongoing basis. Our goal is to create a diverse catalog of security engineering training courses for all expertise levels as a community resource. If you have suggestions on future topics to address, please let us know. We would love to hear from you.
Can we customize SAFECode training courses for our organization?
Yes, any organization may take the content from the SAFECode courses and customize it to their environment. In fact, doing so is encouraged. Please just abide by our creative commons license agreement (http://creativecommons.org/licenses/by-nc/3.0/deed.en_GB). You'll see the only restriction is that the content cannot be used for commercial purposes. SAFECode members do have access to the source materials for these courses, which does provide an opportunity for easier customization.
I am having trouble viewing a course? What is wrong?
First, check your Internet connection. If you continue to have problems, please contact us and let us know.
I manage a publication/association/other organization and I would like to host the content on our site. Is this allowed?
As long as it is not intended for commercial use, SAFECode is happy to have others to host the material. Our goal is to make these courses as widely available as possible so they may serve the community. Please contact us at for more details.
What is the Software Assurance Forum for Excellence in Code (SAFECode)?
The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods.
Who are SAFECode's members?
Our members include Adobe, CA Technologies, EMC Corporation, Intel Corporation, Microsoft Corp., SAP AG, Siemens AG and Symantec Corp.
What is SAFECode's Mission?
As a center of excellence for vendor software assurance practices, SAFECode unites subject matter experts with unparalleled experience in managing complex global processes for software sourcing, development and delivery to: encourage broad industry adoption of proven software security, integrity and authenticity practices; drive clarity into vendor software assurance practices to empower customers and other key stakeholders to better manage risk; and foster a trusted exchange of insights that advance software assurance practices
Do SAFECode members receive exclusive training benefits?
SAFECode members have access to all course source materials, which provides easier customization for those wishing to use the content in their internal training programs. In addition, they have an opportunity to guide the development of individual courses and help determine which topics will be addressed next. We do reserve the right to designate some training content as members-only should it ever be appropriate in the future.
How does my organization become a member of SAFECode?
SAFECode is always looking for new members to support its mission. For information on membership opportunities, please go to: http://www.safecode.org/join.php
Where do I find more information on SAFECode and its work?
Please visit us at www.safecode.org to learn more.