Skip to main content

GitHub Takes Aim at Open Source Software Vulnerabilities

posted onMay 6, 2020
by l33tdawg
Wired
Credit: Wired

Open source software has the potential to be very secure. Unlike proprietary code that can only be accessed directly by its own developers, anyone can vet open source projects to spot flaws and bugs. In practice, though, being open source is no panacea. Now, code repository GitHub is rolling out new tools for its GitHub Advanced Security suite that will make it easier to root out vulnerabilities in the open source projects managed on its platform.

Open source code present a few security challenges. In practice there aren't always enough people with the right expertise looking at it. And open source projects are generally ad hoc; they don't necessarily have a clear process in place for people to submit vulnerabilities, or the resources available for someone to patch them. Even if you surmount those hurdles, you may not know who's actually using your open source code and needs a patch.

"A lot of what we talk about is there’s a vulnerability, what’s the workflow for that vulnerability, now it gets addressed," says Jamie Cool, vice president of product for security for Microsoft-owned GitHub. "But the nirvana is you don’t introduce the vulnerability to begin with. You stop it from ever showing up. It really seems like this is a problem we should be able to help developers not introduce again and again, but by and large we haven’t succeeded at that as a software industry yet."

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th