The Open Source Software Security Summit: securing the world’s code together | The GitHub Blog

Submitted by Style Pass, 2022-01-13 10:30:07

The world runs on software, which in turn relies on open source. In fact, 99% of the world’s software has at least some open source code in its DNA, meaning the apps and programs that power our lives reflect the hard work of open source developers. This also means that vulnerabilities in open source code can have a global ripple effect across the billions of developers and services that rely on it. As the world’s largest developer platform, GitHub takes those risks seriously and understands its responsibility to support the millions of developers on our platform in coding securely. As part of that responsibility, today, my colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit to share how securing open source begins by empowering developers.

It’s a timely gathering in light of the security events we witnessed in the past year, with SolarWinds and Log4j providing key reminders of the importance of securing critical code. We’ve seen how just one or two lines of vulnerable code can have a dramatic impact on the health, safety, and trustworthiness of entire systems in the blink of an eye. And while this is not a new issue, as we saw with Heartbleed, the recent events further underscored two ways the tech industry can come together and help. First, there must be a collective industry and community effort to secure the software supply chain. Second, we need to better support open source maintainers to make it easier for them to secure their projects.
