GitHub has recently launched a set of initiatives aimed at improving the security of its platform. The company's newly appointed COO, Erica Brescia, said at Open Source Summit Europe 2019 that more than 75,000 people contribute to the majority of the top thousand projects on the platform. Given how many people are actively involved on GitHub, Brescia explained why, and how, the company prioritizes platform security above everything else.
She pointed to Puppet CEO Yvonne Wassenaar, who explained the connection between development and security in Snyk's State of Open Source Security Report 2019. Snyk's study found that application vulnerabilities had risen by more than 88% over two years, a rise the report linked to the finding that a significant share (37%) of developers were not performing any security testing during the CI stage of development.
Forrester's report points in the same direction, attributing much of the problem to software vulnerabilities: in the previous year alone, 58% of enterprises suffered at least one breach, and 41% of those breaches were caused by a lack of software security. In response, GitHub has taken major steps to secure the software supply chain, such as offering large rewards to bug hunters through its bug bounty program and bringing unlimited private repositories to free users so that they can host their private projects on the platform.
Brescia acknowledged that, despite the overwhelming number of contributions and testimonials the platform receives, understanding how security is integrated throughout it is critical, since GitHub serves a community on a global scale. She noted that the acquisition of Semmle is just one of GitHub's many initiatives, and said the company will announce most of them at GitHub Universe in November.