GitHub launches ‘Security Lab’ to help secure open source software

GitHub, one of the world’s leading software development platforms, has launched GitHub Security Lab with the aim of securing open source software.

On Thursday, GitHub announced the launch of GitHub Security Lab, a program designed to bring together and inspire the security research community to help find and fix open source vulnerabilities.

“The GitHub Security Lab will help identify and report vulnerabilities in open source software, while maintainers and developers use GitHub to create fixes, coordinate disclosure, and update dependent projects to a fixed version,” said Jamie Cool, VP of Product Management, Security at GitHub in a recent blog post.

GitHub says the new Security Lab will help “level the playing field” by leveraging the world’s security experts spread across thousands of companies.

To that end, maintainers and developers can collaborate to disclose vulnerabilities and ship fixed software versions more quickly and easily. Researchers and maintainers can also apply for a new CVE directly through GitHub and then publish vulnerabilities to the GitHub Security Advisory. GitHub will then send security alerts to impacted projects.

In addition, GitHub will make available CodeQL, a free “state-of-the-art” code analysis engine:

“CodeQL lets you query code as though it were data. If you know of a coding mistake that caused a vulnerability, you can write a query to find all variants of that code, eradicating a whole class of vulnerabilities forever.”
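To illustrate the “query code as though it were data” idea, here is an added example of a variant-analysis query written in CodeQL for C/C++. It is not a query from GitHub or the CodeQL project; it assumes the standard CodeQL `cpp` library (its `FunctionCall` class and the `getTarget()` / `getName()` predicates) and uses the placeholder query id `example/unbounded-string-copy`. The query flags every call to a small set of classic unbounded string-copy functions, which is the kind of “find all variants of that code” search the quote describes.

```ql
/**
 * @name Unbounded string copy
 * @description Added example, not GitHub's own query: finds calls to string
 *              functions that copy without a length bound, so a whole class
 *              of buffer-overflow variants can be reviewed at once.
 * @kind problem
 * @problem.severity warning
 * @id example/unbounded-string-copy
 */

import cpp

// Treat the program as data: every function call in the database is a row.
from FunctionCall call, string name
where
  // Resolve the called function and take its name.
  name = call.getTarget().getName() and
  // Match the unbounded variants; each alternative is one "variant" of the same mistake.
  (
    name = "strcpy" or
    name = "strcat" or
    name = "sprintf" or
    name = "gets"
  )
// One alert per matching call, pointing at the call site.
select call,
  "Call to " + name + " copies without a length bound; prefer a bounded alternative such as snprintf."
```

Run against a CodeQL database of a C/C++ project, the query returns one alert per matching call site. Extending the `where` clause, for example to exclude calls whose source argument is a string literal that provably fits the destination, is how such a query is refined from a broad sweep into a low-noise detector.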

Other Security Lab program features include an improved security workflow, token scanning and an Advisory Database.