GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab.
“Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in critical open source projects,” said Jamie Cool, VP of Product Management, Security at GitHub.
GitHub Security Lab
GitHub Security Lab is a program aimed at researchers, maintainers, and companies that want to contribute to the overall security of open source software.
Current contributors/partners include companies like Microsoft (GitHub is a Microsoft subsidiary), Google, HackerOne, Intel, IOActive, LinkedIn, Mozilla, NCC Group, Oracle, Trail of Bits, Uber, VMware, F5 and J.P. Morgan, which will be “donating their time and expertise to find and report vulnerabilities in open source software.”
Two months ago, GitHub became a CVE Numbering Authority (CNA). This allows the company to issue CVE identifiers for all libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA.
According to Cool, the team has already had over 100 CVEs issued for security vulnerabilities it has found.
Security Lab is an effort meant to make the task easier, especially sinc ..