Helping build secure software is of utmost importance to GitHub

INSUBCONTINENT EXCLUSIVE:
During her keynote at the Open Source Summit Europe 2019, Erica Brescia, GitHub’s newly appointed COO, shared that the top thousand projects on the platform have contributions from over 75,000 people.

While she addressed the need to protect this ecosystem in the evolving geo-political landscape of the day, in a conversation with us after the keynote, Erica says that security is also one of the top priorities for the platform. To underline her point, Erica refers to the keynote of Yvonne Wassenaar, the CEO of Puppet, who quoted findings from Snyk’s State of Open Source Security Report 2019 to reveal the connection between development and security.

Snyk discovered that 37% of developers don’t do any sort of security testing during the CI portion of development. They also mention that there has been an 88% increase in application vulnerabilities over two years, and that 78% of those are through indirect dependencies. Combine that with the Forrester report that says 58% of enterprises suffered a breach at least once in the previous year, and that over 41% of those external breaches exploited some software vulnerability, and you know we have a problem.

Erica says that while the numbers of contributions are impressive and a testament to the collaborative nature of open source, it’s also important to “think about how security flows through all of that. It really is a global and community problem that we need to solve around software development, but also around security.”

No wonder then that security is a major topic of discussion at GitHub. The platform already has a strong commitment to security and is continuing to take steps to help developers build secure software. The acquisition of Semmle, Erica says, is just one of the many initiatives by the platform to help secure the open source supply chain: “We actually are bringing a lot of really exciting things around security, the GitHub platform that will be talking about at GitHub Universe in November.”