GitHub Becomes CVE Numbering Authority, Acquires Semmle
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
September 19, 2019
GitHub, the popular code repository, is becoming a CVE Numbering Authority and acquiring Semmle, a code-analysis engine that will be available to all public repositories and enterprise customers.
As a CVE Numbering Authority, GitHub can assign a CVE ID, post to the CVE List, and then post to the National Vulnerability Database (NVD) on behalf of a developer. In a blog post announcing the news, GitHub said it expects the combination of Semmle code scanning and CVE number assignment to make it much more likely that vulnerabilities in open source projects will be found and reported.
Semmle reports that more than 100 open source CVEs have already been identified using its semantic code analysis system. GitHub hosted 100 million repositories as of August.