GitHub launches Security Lab to boost open source security
Launched last week at the company's GitHub Universe developer conference, Security Lab is built on an idea that sounds simple enough – create a global platform for reporting and fixing security vulnerabilities in open source projects before they do serious damage.
It sounds so obvious, it’s surprising that nobody’s thought of it before. That might have something to do with the size of the job, admitted GitHub’s vice president of security product management in Security Lab’s launch blog:
"Securing the world’s open source software is a daunting task."
Lots of developers crank out vulnerable code, leaving a tiny clean-up squad to pick up the mess of a problem that sprawls across thousands of companies.