GitHub on mission to secure the world’s open source software – Technology Decisions

Securing the world's open source software is a formidable mission, and one that GitHub has chosen to accept.

On 14 November, the hosting giant launched GitHub Security Lab, a platform designed to empower people to secure open source code.

Through the platform, participants can access GitHub's analysis engine, CodeQL, which helps users find and eradicate vulnerability-causing code, as well as thousands of hours of security research, according to a blog post by GitHub's Vice President of Product Management, Security, Jamie Cool.

Users can also earn bounties of up to US$3000 for writing new CodeQL queries that find multiple vulnerabilities, or a whole class of vulnerabilities, in open source code with high precision.

Cool said these tools would help the Lab's security researchers, maintainers and partner companies such as Google, Intel, Microsoft and VMware fight challenges of scale, expertise and coordination.

"The JavaScript ecosystem alone has over one million open source packages. Then there's the shortage of security expertise: security professionals are outnumbered 500 to one by developers. Finally there's coordination: the world's security experts are spread across thousands of companies," he said.

Lab researchers have already found and published 105 common vulnerabilities and exposures (CVEs), according to the site.

As more vulnerabilities are discovered, participants and end users will need better tools to handle them, Cool said.

"Currently, forty percent of new vulnerabilities in open source don't have a CVE identifier when they're announced, meaning they're not included in any public database. Seventy percent of critical vulnerabilities remain unpatched 30 days after developers have been notified," he said.

GitHub expects the Lab to help improve responses to newly discovered vulnerabilities by ensuring they are only announced when maintainers have fixed affected code and developers can quickly update affected software.

The Lab intends to boost project participation through events and the sharing of best practices.

Image credit: stock.adobe.com/au/maciek905
