
Github Launches Security Lab To Spot Vulnerabilities In Open-source Code - Webmasters - Nairaland


Github Launches Security Lab To Spot Vulnerabilities In Open-source Code by andrewwe: 6:44pm On Nov 16, 2019
GitHub has officially launched a new Security Lab with an aim to secure open-source software.

The objective is to “bring together security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for everyone,” the Microsoft-owned code repository platform said.

Joining the company in this initiative are security professionals from various tech companies, including F5, Google, HackerOne, Intel, IOActive, J.P. Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber, and VMware.

To that effect, the company is making CodeQL freely available for anyone to find vulnerabilities in open-source code. It’s also launching GitHub Advisory Database, a public database of security advisories created on GitHub.

CodeQL, the semantic code analysis tool used to spot exploits in codebases, comes from its acquisition of Semmle back in September.

In addition to identifying and reporting vulnerabilities in open source software, GitHub Security Lab will adhere to an open-source security lifecycle that ensures maintainers and developers disclose and fix software flaws while leveraging CodeQL to prevent security vulnerabilities from occurring in the future.

Semmle's CodeQL has been instrumental in uncovering hundreds of bugs in open-source projects, spanning across Google Chromium, Linux, Ubuntu, and Microsoft's Edge browser.

For its part, Semmle provides its own disclosure dashboard. But it won’t be surprising if GitHub integrates it with its new Advisory Database in the future, making it all accessible in one place.

From popular programming languages like Python and Ruby, and machine learning frameworks like TensorFlow, to JavaScript libraries and application deployment solutions like Kubernetes, GitHub plays host to a number of software projects that form the basis of the modern web today.

As of August 2019, the software collaboration service is being used by more than 40 million developers worldwide and is used to store 100 million code repositories.

The development comes close on the heels of the company’s release of a native mobile app for iOS (in beta), and an improved code search and notifications experience. It also purchased Pull Panda earlier this year to beef up its portfolio of code review tools and provide developers an infrastructure to create secure software that follows the best software practices.

Now, with the formation of an open coalition of security teams and researchers to boost software security, GitHub has emerged as the most comprehensive platform capable of handling all aspects of the software development workflow.

