At the ongoing GitHub Universe event, COO Erica Brescia unveiled a series of announcements focused on securing the open-source code.
The major highlights include the launch of a new community program Security Lab that will help developers and security researchers from different organizations to spot and fix bugs in open-source software.
The founding members of this new initiative are security researchers from organizations like Google, Microsoft, Intel, Mozilla, Oracle, Uber, VMWare, LinkedIn, J.P. Morgan, and more.
GitHub says the founding members have already reported and fixed more than 100 vulnerabilities. From now, individual security researchers and organizations can also join the program.
There is a bug bounty program as well that compensates up to $3,000 to bug hunters for the time they dedicate to hunting vulnerabilities in open source projects.
Besides this, GitHub is also making CodeQL freely available for everyone to help them find flaws in open-source code. [CodeQL is a semantic code analysis tool used to spot exploits in codebases]
The company is also launching GitHub Advisory Database which is a public database of security advisories created on the code repository platform.
Apart from identifying and reporting vulnerabilities in open source software, GitHub Security Lab aims to improve the open-source security lifecycle. This is to ensure that maintainers and developers can report and fix software flaws while using CodeQL to prevent security flaws from occurring in the future.
