Securing software from vulnerabilities is an important part of the development and review process for applications. Our Information Security Control Requirements obligate developers to have between ½ a day and a full day of security training per year (based off the level of data their application handles, see IT 7.10.1 and IT 7.10.2 for more information).
There are many free resources available to students and employees to learn about common code vulnerabilities and how to develop more securely. We recommend you consider the following:
- Participate in Ohio State Cybersecurity Days: Each year as part of our annual security information sharing event we feature panels, discussions, lectures and training that are focused on increasing knowledge and awareness of developing software securely.
- Open Source Web Application Security Project: The Open Source Web Application Security Project (OWASP) is a not-for-profit group focused on improving the security of software. The OWASP website and YouTube channels have a huge number of free resources.