GitHub opens its cybersecurity platform

The site specializing in the development of open source applications, GitHub, aims to set up a system to secure "codes from around the world".

With this somewhat surreal purpose, the platform officially opened its cybersecurity laboratory on November 14, the GitHub Security Lab. Mission: to secure open source software from around the world, because "free software security is important for everyone," the company said in a statement.

This article will also interest you: Snapchat's source code has been hacked and published on the GITHub platform

The platform is known to have been acquired by US company Microsoft for a net amount of $7.5 billion, but this has not reduced the influence of GitHub, which remains one of the leading development platforms today. Indeed it is a platform that is used by nearly 40 million developers worldwide, and can store about 100 million deposits of code. In this context GitHub wants to allow greater and complete accessibility to certain tools and resources, to allow developers to track the security of their codes.

The lab opened by the platform is already composed of 7 computer security experts, who is working full-time, on the vulnerabilities that can present the codes in Open Source. Already beginning on November 14, they managed to lay bare more than 105 "Common Vulnerabilities and Exposures" in abbreviated CVE, which is a kind of dictionary to identify computer vulnerabilities in order to bring it to the attention of other experts or interested in computer security.

In one of these publications, GitHub wanted to highlight the fact that 40 percent of new security vulnerabilities are not generally reported on the "Common Vulnerabilities and Exposures", and 70% of them will not be corrected within 30 days of being reported by researchers. Not only is the platform dedicated to mobilizing its own experts to achieve its goal, GitHub also promises free use of its CodeQL tool, which aims to effectively explore software code to detect vulnerabilities. it was a tool widely used by many computer security researchers and developers. It was developed by a company bought by Github last September, Semmle. In addition to CodeQL, the platform will provide another tool called GitHub Advisory Database, which will aim to publicly identify all security vulnerabilities on the platform, along with the opinions of experts and developers. This could be useful when centralizing the flaws discovered on open source software.

At this point, the goal is no longer just to spot the security flaw. it will consist of preventing it, but also looking for ways to fill and eliminate them. To succeed in this bet, GitHub will rely on the community of cybersecurity developers and researchers at its disposal. GitHub Security Lab is an initiative that relies heavily on a collaborative basis to "inspire the global security research community." GitHub does not ignore the amount of work it will submit to its researchers. "The JavaScript ecosystem alone has millions of open source packages (…) there is a security expert for 500 developers, and these are scattered across different companies. To overcome these challenges, GitHub Security Lab will organize events to bring together and exchange players in the sector. ». This initiative will be associated with big names such as Microsoft, Google, Mozilla, JP Morgan, LinkedIn and Uber.

Now access an unlimited number of passwords:

Check out our hacking software