[SOSS TASK FORCE] - Create security Skills for Developers

[SecurityCRob]

Create a “Security Skills for Developers” document that lists key skills job applicants should have, along with ways to acquire those skills/credentials, and evangelize to academia and to developers

[david-a-wheeler]

You might find my brief introduction slides helpful: A Brief Introduction to Developing Secure Software

Basically, turn some of those points into criteria.

For example, the implementation slide notes:

• Most vulnerabilities are common mistakes
• Learn what they are & how to avoid them
• Two helpful lists: OWASP Top 10 (for web apps); CWE Top 25

That could be turned in to:

Developer must know the most common types of mistakes that lead to vulnerabilities, along with how to avoid them. This at least includes those identified in the OWASP Top 10 and the CWE top 25.

[SecurityCRob]

Found these REALLY interesting interview questions for security engineers and security architects. Not completely targeted at devs, but there is some good stuff we can borrow in here: https://github.com/tadwhitaker/Security_Architect_and_Principal_Security_Engineer_Interview_Questions & https://github.com/tadwhitaker/Security_Engineer_Interview_Questions