Fintedex — Business, Fincance & Investment News

GitHub wants to help developers spot security issues before they get too serious

by Timothy Wilson
23.02.2022
in Technology

In an effort to further secure open source software, GitHub has announced that the GitHub Advisory Database is now open to community contributions.

While the company has its own teams of security researchers that carefully review all changes and help keep security advisories up to date, community members often have additional insights and intelligence on CVEs but lack a place to share this knowledge.

This is why GitHub is publishing the full contents of its Advisory Database to a new public repository to make it easier for the community to leverage this data. At the same time, the company has built a new user interface for security researchers, academics and enthusiasts to make contributions.

All of the data in the GitHub Advisory Database is licensed under a Creative Commons license and has been since the database was first created to ensure that it remains free and usable by the community.

Contributing to a security advisory

In order to provide a community contribution to a security advisory, GitHub users first need to navigate to the advisory they wish to contribute to and submit their research through the “suggest improvements for this vulnerability” workflow. Here they can suggest changes or provide more context on packages, affected versions, impacted ecosystems and more.

The form will then walk users through opening a pull request that details their suggested changes. Once this is done, security researchers from the GitHub Security Lab as well as the maintainer of the project who filed the CVE will be able to review the request. Contributors will also get public credit on their GitHub profile once their contribution has been merged.


In an attempt to further interoperability, advisories in the GitHub Advisory Database repository use the Open Source Vulnerabilities (OSV) format. Oliver Chang, a software engineer on Google’s Open Source Security Team, provided further details on the OSV format in a blog post, saying:

“In order for vulnerability management in open source to scale, security advisories need to be broadly accessible and easily contributed to by all. OSV provides that capability.”
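To show what the shared format gives a consumer of this data, here is an added example (not code from GitHub, Google or the OSV project) that reads an advisory in the OSV schema and checks whether an installed package version falls inside its affected ranges. The advisory, its ID and the package name are constructed, and version comparison is simplified to dotted numeric versions, which real ecosystems extend with pre-release and other rules.

```python
import json

# Constructed advisory in the OSV schema; the ID, package and versions are made up.
ADVISORY = json.loads("""
{
  "id": "GHSA-xxxx-xxxx-xxxx",
  "summary": "Constructed sample advisory",
  "affected": [{
    "package": {"ecosystem": "PyPI", "name": "example-pkg"},
    "ranges": [{
      "type": "ECOSYSTEM",
      "events": [{"introduced": "0"}, {"fixed": "1.4.2"},
                 {"introduced": "2.0.0"}, {"fixed": "2.1.0"}]
    }]
  }]
}
""")

def parse(version):
    """Simplification: dotted numeric versions only ("0" means 'from the start')."""
    return tuple(int(p) for p in version.split("."))

def in_range(version, events):
    """Replay introduced/fixed/last_affected events in version order."""
    v = parse(version)
    ordered = sorted(events, key=lambda e: parse(next(iter(e.values()))))
    affected = False
    for ev in ordered:
        if "introduced" in ev and v >= parse(ev["introduced"]):
            affected = True
        elif "fixed" in ev and v >= parse(ev["fixed"]):
            affected = False
        elif "last_affected" in ev and v > parse(ev["last_affected"]):
            affected = False
    return affected

def is_affected(advisory, ecosystem, name, version):
    for entry in advisory.get("affected", []):
        pkg = entry.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        if version in entry.get("versions", []):  # explicit version list wins
            return True
        for rng in entry.get("ranges", []):
            if rng.get("type") in ("ECOSYSTEM", "SEMVER") and in_range(version, rng["events"]):
                return True
    return False
```

A contributor correcting an advisory's affected versions is in effect editing the `events` list, so a check like this is a quick way to confirm that a proposed range flags the versions intended and no others.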

We’ll likely hear more on this change to the GitHub Advisory Database once security researchers, academics and enthusiasts begin making their own contributions to the company’s database.
