15
During her keynote at the Open Source Summit Europe 2019, Erica Bresica, GitHub’s newly appointed COO, shared that the top thousand projects on the platform have contributions from over 75,000 people.
While she addressed the need to protect this ecosystem in the evolving geo-political landscape of the day, in a conversation with us after keynote, Erica says that security is also one of the top priorities for the platform. To underline her point, Erica refers to the keynote of Yvonne Wassenaar, the CEO of Puppet, who quoted findings from Snyk’s State of Open Source Security Report 2019 to reveal the connection between development and security.
Snyk discovered that 37% of developers don’t do any sort of security testing during the CI portion of the development.
They also mention that there’s been an 88% increase in application vulnerabilities over two years and 78% of those are through indirect dependencies. Combine that with the Forrester report that says 58% of enterprises suffered a breach at least once in the previous year, and over 41% of those external breaches exploited some software vulnerability, and you know we have a problem.Erica says that while the numbers of contributions are impressive and a testament to the collaborative nature of open source, it’s also important to “think about how security flows through all of that.
It really is a global and community problem that we need to solve around software development, but also around security.”No wonder then that security is a major topic of discussion at GitHub.
The platform already has a strong commitment to security and is continuing to take steps to help developers build secure software.The acquisition of Semmle, Erica says is just one of the many initiatives by the platform to help secure the open source supply chain: “We actually are bringing a lot of really exciting things around security, the GitHub platform that will be talking about at GitHub Universe in November.”
