Casa » Notícia » GitHub agora pode atribuir identificadores CVE para vulnerabilidades

GitHub agora pode atribuir identificadores CVE para vulnerabilidades

Esta semana, representantes do GitHub anunciou imediatamente um número de inovação, incluindo o fato de que GitHub completou a certificação como um Numeração Autoridade CVE, a empresa agora pode atribuir de forma independente identificadores CVE para vulnerabilidades.

First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities that arise in the dependencies of their PHP projects.

Developers can see security alerts on your repositories as dependency graph support rolls out. When there’s a published vulnerability on any of the Composer dependencies that projects lists in composer.json e composer.lock arquivos, GitHub will send an alert including email or web notifications, depending on user’s preferences.

Leia também: nova cyberminer de Rocke remove concorrentes e usa GitHub para se comunicar com C2

em segundo lugar, Microsoft acquired a Semmle code analysis tool (the amount of the transaction was not disclosed). It is planned to integrate it with GitHub over time and then use it to improve the vulnerability scanning process. Recall that by now Semmle is already used by Google, Uber, NASA and Microsoft and many other open source projects.

“Semmle QL benefits both developers and maintainers. It has a library of thousands of queries, all open source, that have been defined by some of the industry’s best security researchers”, — reported in GitHub.

Thirdly, this week GitHub completed certification as a CVE Numbering Authority, isso é, now the company will be able independently assign CVE identifiers to vulnerabilities.

“We believe that fast, unfettered movement of vulnerability data is critical to improving software security. This is why we’re excited to share that GitHub has been approved as a CVE Numbering Authority for open source projects. We’ll be able to issue CVEs for security advisories opened on GitHub, allowing for even broader awareness across the industry”, — reported GitHub specialists.

GitHub’s authority will extend only to open source projects hosted on the platform, but this means that vulnerabilities in the bug tracker will receive CVE identifiers much faster, since project owners will be able to request a CVE from GitHub, bypassing the time-consuming process of contacting and approving the bug in MITRE.

Sobre Trojan Killer

Carry Trojan Killer portátil em seu memory stick. Certifique-se que você é capaz de ajudar o seu PC resistir a quaisquer ameaças cibernéticas onde quer que vá.

Além disso, verifique

Krack para Amazon Eco e Kindle

Krack Ameaças de vulnerabilidade Milhões de Amazon Eco e Kindle Devices

Milhões de 1ª geração smartphones Amazon eco e 8ª geração Amazon Kindle e-books têm sido …

Graboid se espalha através de Docker Containers

sem-fim de mineração graboid se propaga através dos recipientes Docker

especialistas Palo Alto Networks, descobriu o estranho sem-fim-jacking cripto Graboid, que se propaga através do …

Deixar uma resposta