GitHub has announced GitHub Security Lab, which brings together security researchers, maintainers, and companies across the industry to secure open-source applications.
GitHub, a platform that provides hosting for software development, was founded in 2008 and acquired by Microsoft on Oct 26, 2018. The platform has more than 40 million registered users and hosts more than 100 million repositories.
CodeQL Code Analysis Engine
As part of the GitHub Security Lab, the company is making its semantic code analysis engine, CodeQL, free for anyone to use to detect vulnerabilities in open-source applications.
CodeQL is used by several security research teams around the world to perform semantic analysis of code, and GitHub alone has used the tool to report more than 100 CVEs.
It is a powerful tool for variant analysis: once a bad pattern has been discovered, a query describing that pattern can find every other instance of the same error across an entire codebase.
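The "find one bad pattern, then find its variants" workflow above, written out as a CodeQL query. This is an added example for illustration, not code from the page or from GitHub: it assumes a Java codebase and the class-based TaintTracking configuration API that the CodeQL Java library used at the time of this announcement, and it looks for untrusted request data reaching Runtime.exec, a constructed pattern chosen only to show the technique.

```ql
/**
 * @name Untrusted input reaches Runtime.exec
 * @description Variant analysis: one known bad call becomes a query
 *              that finds every similar call across the codebase.
 * @kind path-problem
 * @id example/java/untrusted-input-to-exec
 */

import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import DataFlow::PathGraph

// The "bad pattern": the command argument of java.lang.Runtime.exec.
class ExecCommandArgument extends DataFlow::Node {
  ExecCommandArgument() {
    exists(MethodAccess call |
      call.getMethod().hasName("exec") and
      call.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Runtime") and
      this.asExpr() = call.getArgument(0)
    )
  }
}

// Taint configuration: does data from a remote source (HTTP parameters,
// headers, request bodies, ...) flow, possibly through string operations,
// into the command argument?
class UntrustedToExecConfig extends TaintTracking::Configuration {
  UntrustedToExecConfig() { this = "UntrustedToExecConfig" }

  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  override predicate isSink(DataFlow::Node sink) {
    sink instanceof ExecCommandArgument
  }
}

// Report every source-to-sink path, not just the one originally found.
from UntrustedToExecConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "Command passed to Runtime.exec depends on untrusted input from $@.",
  source.getNode(), "this remote source"
```

Run against a CodeQL database of the project; each result is a full data-flow path that a maintainer can review and fix at the sink or by validating the source.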
GitHub also announced the GitHub Advisory Database, which lists the advisories created on GitHub together with data on the affected packages.
GitHub Security Lab
“GitHub Security Lab’s mission is to inspire and enable the global security research community to secure the world’s code,” reads the blog post.
GitHub invites researchers across thousands of companies to contribute to GitHub Security Lab and CodeQL. The following companies are donating expertise to find vulnerabilities in open-source software.
The companies are F5, Google, HackerOne, Intel, IOActive, J.P. Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMware.
Individual security researchers and research groups who want to help can also join and work together with the wider community.
“We’re excited to have an initial set of partners that have all committed to achieving this goal. Together, we’re contributing tools, resources, bounties, and thousands of hours of security research to help secure the open-source ecosystem.”