GitHub Becomes CVE Numbering Authority, Acquires Semmle
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
September 19, 2019

GitHub, the popular code repository, is becoming a CVE Numbering Authority and acquiring Semmle, a code-analysis engine that will be available to all public repositories and enterprise customers.
As a CVE Numbering Authority, GitHub can assign a CVE ID, post to the CVE List, and then post to the National Vulnerability Database (NVD) on behalf of a developer. In a blog post announcing the news, GitHub said it expects that the combination of Semmle code scanning and CVE number assignment will make it much more likely that vulnerabilities in open source projects will be found and reported.
Semmle reports that more than 100 open source CVEs have already been identified using its semantic code analysis system. GitHub hosted 100 million repositories as of August.