
GitHub helped to resolve almost 500,000 bugs in one month

SOCIAL CODING SITE GitHub has claimed that its recently-launched security scan tool has helped to combat almost half a million vulnerabilities in its repositories since launching late last year.

Rolling out across the site in November, GitHub’s tool scans popular open source libraries and alerts users when it detects a vulnerability in one of their dependencies, suggesting known fixes from the GitHub community.

The site said it uncovered a whopping four million vulnerabilities across 500,000 repositories when it launched the tool, and within a month was able to help repository owners resolve over 450,000 bugs by either removing the dependency or changing to a secure version.

It responded to 45 per cent of all alerts within one week, the site said.

“Initially, we took our list of vulnerable libraries and compared it to the dependency graphs of all public repositories. We […] displayed an alert to repository admins in their dependency graphs and repository home pages (for Ruby and Javascript),” GitHub said in a blog post.

“Since [the detection] our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 per cent of alerts are dismissed within seven days — that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days.”
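The matching step described in the quote above (a list of vulnerable libraries compared against each repository's dependency graph, with an alert that names a secure version) is simple enough to show end to end. The block below is an added illustration written for this article, not GitHub's own scanner or any of its code. It reads dependencies from the two lockfile formats the quote mentions (npm's package-lock.json and Bundler's Gemfile.lock), matches them against an advisory list, and classifies how an earlier alert was resolved (dependency removed or upgraded, as the article describes). Every advisory, package name and version in it is constructed for the example; the `affected_below` range model is a simplification of real advisory data.

```python
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    ecosystem: str       # "npm" or "rubygems"
    package: str
    affected_below: str  # every version strictly below this is affected (simplified range model)
    fixed_in: str        # version the alert suggests upgrading to


# Constructed advisory list for the example; placeholders, not real advisories.
ADVISORIES = [
    Advisory("npm", "example-widget", "2.1.0", "2.1.0"),
    Advisory("rubygems", "example-gem", "5.2.1", "5.2.1"),
]


def parse_version(v):
    """'2.0.9' -> (2, 0, 9); non-numeric fragments count as 0 (pre-release tags are not modelled)."""
    out = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        out.append(int(digits) if digits else 0)
    return tuple(out)


def deps_from_package_lock(text):
    """Top-level entries of a lockfileVersion 1 package-lock.json: {"dependencies": {name: {"version": ...}}}."""
    data = json.loads(text)
    return [("npm", name, info["version"]) for name, info in data.get("dependencies", {}).items()]


# Resolved gems in the 'specs:' block of a Gemfile.lock are indented four spaces as 'name (version)';
# their own requirements sit six spaces deep and are deliberately not matched.
GEM_SPEC = re.compile(r"^\s{4}(\S+) \(([^)]+)\)\s*$")


def deps_from_gemfile_lock(text):
    """Collect (ecosystem, name, version) for every resolved gem in the specs block."""
    deps, in_specs = [], False
    for line in text.splitlines():
        if line.strip() == "specs:":
            in_specs = True
            continue
        if in_specs and not line.startswith(" "):
            in_specs = False          # a non-indented line (blank, DEPENDENCIES, ...) ends the block
        m = GEM_SPEC.match(line) if in_specs else None
        if m:
            deps.append(("rubygems", m.group(1), m.group(2)))
    return deps


def find_alerts(deps, advisories=ADVISORIES):
    """The comparison the article describes: dependency graph entries against the vulnerable-library list."""
    index = {(a.ecosystem, a.package): a for a in advisories}
    alerts = []
    for eco, pkg, ver in deps:
        adv = index.get((eco, pkg))
        if adv and parse_version(ver) < parse_version(adv.affected_below):
            alerts.append({"ecosystem": eco, "package": pkg, "installed": ver, "fixed_in": adv.fixed_in})
    return alerts


def classify_resolution(before_deps, after_deps, advisories=ADVISORIES):
    """For each alert raised on the earlier snapshot, report 'removed', 'upgraded' or still 'open'."""
    after = {(e, p): v for e, p, v in after_deps}
    result = {}
    for alert in find_alerts(before_deps, advisories):
        key = (alert["ecosystem"], alert["package"])
        if key not in after:
            result[alert["package"]] = "removed"
        elif find_alerts([(key[0], key[1], after[key])], advisories):
            result[alert["package"]] = "open"
        else:
            result[alert["package"]] = "upgraded"
    return result


# Constructed sample lockfiles (not taken from any real project).
PACKAGE_LOCK = json.dumps({"lockfileVersion": 1, "dependencies": {
    "example-widget": {"version": "2.0.9"},
    "harmless-lib": {"version": "1.4.0"},
}})

GEMFILE_LOCK = """GEM
  remote: https://rubygems.org/
  specs:
    example-gem (5.2.0)
      some-dep (>= 1.0)
    some-dep (1.3.0)

DEPENDENCIES
  example-gem
"""


def scan_sample():
    """Run the scan over both constructed lockfiles and return the alerts."""
    deps = deps_from_package_lock(PACKAGE_LOCK) + deps_from_gemfile_lock(GEMFILE_LOCK)
    return find_alerts(deps)


if __name__ == "__main__":
    for alert in scan_sample():
        print(f"{alert['ecosystem']}: {alert['package']} {alert['installed']} is affected; fixed in {alert['fixed_in']}")
```

Running the block prints one alert per matched dependency with the suggested fixed version; `classify_resolution` is what turns a later snapshot of the same repository into the "removed the dependency or changed to a secure version" statistic the article quotes.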

In the future, GitHub says it expects all repositories with recent contributions to be patched in fewer than seven days.

“With the recent launch of our regular vulnerability digest emails, we’re working to make this even easier for maintainers and security teams,” the site said, adding that it has more ways to help users keep code safe on the way.

Source: Inquirer

Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.
