If you work in the programming field, you are no stranger to version control systems and how crucial they are to successful projects. Git completely revolutionized the scene when it made its appearance in early April, 2005. In fact, you'd be hard pressed to find a tech shop that's not using it as their primary version control system these days. With this sweep, many companies and individuals needed remote repositories to store their code. GitHub was quick to fill this need and became by far the most popular choice. GitHub is currently the largest of many code repository sites, with more than 24 million users and 69 million repositories.
While doing some research on what to make the next blog post about, I stumbled across this little article. I'll save you a click if you're feeling lazy: GitHub announces 4 million vulnerabilities patched in half a million repositories.
That sounds like a big number, but what stuck out to me wasn't the size, it's what I learned about the site.
Yeah, but how do they find these vulnerabilities?
For now, they check for vulnerabilities with CVE IDs. That simply means they check for known issues that are logged in the National Vulnerability Database, a government-run site and database just for vulnerabilities.
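The kind of check described above, as an added example (not GitHub's code and not from the original post): pinned dependency versions are compared against advisory records keyed by CVE ID. The package names, versions and `CVE-0000-*` identifiers are constructed placeholders, and matching on `name==version` pins is an assumption about where such a check is applied.

```python
import re

# Constructed advisory records; the CVE-0000-* IDs are placeholders, not real entries.
ADVISORIES = [
    {"id": "CVE-0000-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "CVE-0000-0002", "package": "examplelib", "introduced": "1.3.0", "fixed": "1.3.5"},
    {"id": "CVE-0000-0003", "package": "demo-parser", "introduced": "0", "fixed": "2.0.0"},
]

# Constructed manifest with pinned versions (requirements.txt style).
MANIFEST = """\
# app dependencies
examplelib==1.3.4
Demo_Parser==2.0.0
homegrown-util==0.9   # may have flaws, but nothing is logged for it
"""

def parse_version(text):
    """Turn '1.3' into (1, 3, 0, 0) so numeric dotted versions compare correctly."""
    parts = [int(part) for part in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def normalize(name):
    """Treat 'Demo_Parser' and 'demo-parser' as the same package."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_manifest(text):
    """Yield (package, version) for each 'name==version' pin, skipping comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            yield normalize(name.strip()), version.strip()

def find_alerts(manifest, advisories):
    """Return sorted (package, version, cve_id) for pins inside a vulnerable range."""
    alerts = []
    for name, version in parse_manifest(manifest):
        pinned = parse_version(version)
        for adv in advisories:
            in_range = parse_version(adv["introduced"]) <= pinned < parse_version(adv["fixed"])
            # Alert only when the name matches and introduced <= pinned < fixed.
            if normalize(adv["package"]) == name and in_range:
                alerts.append((name, version, adv["id"]))
    return sorted(alerts)

if __name__ == "__main__":
    for package, version, cve in find_alerts(MANIFEST, ADVISORIES):
        print(f"{package} {version}: {cve}")
```

The `homegrown-util` pin produces no alert because nothing is logged for it: a CVE-based check only covers issues that have already been catalogued.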
Based on their latest blog post, they seem happy with how well the community has taken to these security alerts. It seems there will be many more changes on the horizon to improve security in your code repositories, and when those come up we will be sure to cover them here.
For more resources on keeping your code safe from vulnerabilities, check out GitHub's security marketplace.