قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Microsoft acquires Semmle, GitHub now CVE numbering authority

Microsoft acquires Semmle, GitHub now CVE numbering authority



The Microsoft affiliate of GitHub announced today that it has become a CVE Numbering Authority and that it has completed the acquisition of the Semmle code analysis platform.

Semmle's analytical mechanism, QL, simplifies the process of finding variations of the same coding error

GitHub improves the error scanning process

GitHub plans to add Semmle technology to its services and improve code development and the process of discovering the vulnerability of its users.

Semmle treats source code as data and enables the identification of entire vulnerability classes at a much faster rate than traditional code analysis methods. The product is now used by major organizations such as Google, Uber, Microsoft and NASA.

"Security researchers identify vulnerabilities and their variants with a QL request. This query can be shared and implemented across many codebases, freeing security researchers to do what they love and do best: hunt for new classes of vulnerability. "- Shanku Niyogi, GitHub Product SVP

GitHub plans to integrate Semmle into its services and provide 36 million platform developers with the opportunity to check their error code before launching the product. This is in the early stages. [19659003] Easier Error Reporting, Tracking, and Correction

Today, GitHub is a Common Vulnerability and Exposure Numbering System (CVE) or CNA, which means it can assign vulnerability identifiers.

Security consulting open on the platform can now be tracked more easily and researchers, supporters and developers can better collaborate to remove security issues.

It is worth noting that GitHub has already caused vulnerabilities in the reports received to confirm the impact and affected users before launching alerts.

Automatic security patching feature that appeared after Dependabot acquired Automated Dependency Updates (Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm), pasting dependencies already is not a manual task for developers.

With these changes, GitHub is stepping up its role in cybersecurity, offering its enormous core services to developers to detect vulnerabilities in their faster-speed projects, bug tracking and automation of dependency patches.


Source link