Microsoft-owned GitHub recently announced that it has acquired code analysis provider Semmle in an undisclosed amount. Based in San Francisco, Semmle develops an engineering analytics solution. It helps developers and security researchers discover potential vulnerabilities in their code.
Founded in 2006, Semmle claims that its products have been used by NASA, Uber, Google, and Microsoft to enhance their cybersecurity posture.
GitHub stated that it’s now a Common Vulnerabilities and Exposures (CVE) Numbering Authority and with the latest acquisition it will become easy for code contributors to report potential vulnerabilities directly from the repositories.
“Open source has had a remarkable run over the past 20 years. Today almost every software product from any vendor or community includes open-source code in its supply chain. We all benefit from the open-source model, and we all have a role to play in making open source successful for the next 20 years,” GitHub said in a blog post. “Both of these announcements are part of our larger strategy to secure the world’s code.”
“We’re so excited to be joined by the Semmle team and to welcome their world-class engineers and security researchers to GitHub. Together, we’ll bring their work to all open source communities and to our customers. As a community of developers, maintainers, and researchers, we can all work together toward more secure software for everyone,” GitHub added.
GitHub faced severe criticism recently due to a series of data breaches. Canonical, the maker of the Ubuntu operating system, recently revealed that it has suffered a hacker attack. In an official statement, the company stated that hackers have compromised its GitHub account, a code-sharing site, on July 6, 2019, and created 11 new repositories. It’s believed that the attackers apparently didn’t access any sensitive information or manipulated source codes.
Github faced a similar issue when a Chinese drone maker Da-Jiang Innovations (DJI) landed itself into a cybersecurity row over a bug bounty issue. On November 21, 2017, Kevin Finisterre, an independent security researcher, claimed that he found a private key publicly posted on code-sharing site Github, after which he was able to access confidential and sensitive customer information and saw “unencrypted flight logs, passports, drivers’ licenses, and identification cards.”
