GitHub, the platform specializing in open source software development, aims to set up a system to secure "codes from around the world".
With this somewhat surreal purpose, the platform officially opened its cybersecurity laboratory, the GitHub Security Lab, on November 14. Its mission: to secure open source software from around the world, because "free software security is important for everyone," the company said in a statement.
The platform is known to have been acquired by US company Microsoft for a net amount of $7.5 billion, but this has not reduced the influence of GitHub, which remains one of the leading development platforms today. It is used by nearly 40 million developers worldwide and can store about 100 million code repositories. In this context, GitHub wants to give developers broader and more complete access to certain tools and resources so that they can track the security of their code.
The lab opened by the platform is already composed of 7 computer security experts working full-time on the vulnerabilities that open source code can contain. As of November 14, they had already uncovered more than 105 "Common Vulnerabilities and Exposures" (abbreviated CVE), a kind of dictionary used to identify computer vulnerabilities and bring them to the attention of other experts or anyone interested in computer security.
In one of its publications, GitHub highlighted the fact that 40 percent of new security vulnerabilities are not generally reported in the "Common Vulnerabilities and Exposures", and 70% of them will not be corrected within 30 days of being reported by researchers. Besides mobilizing its own experts to achieve its goal, GitHub also promises free use of its CodeQL tool, which explores software code to detect vulnerabilities. The tool has been widely used by many computer security researchers and developers. It was developed by Semmle, a company GitHub bought last September. In addition to CodeQL, the platform will provide another tool called GitHub Advisory Database, which will aim to publicly identify all security vulnerabilities on the platform, along with the opinions of experts and developers. This could be useful for centralizing the flaws discovered in open source software.