Cartoon of the Week: GitHub to acquire Semmle

GitHub, Microsoft’s software hosting service, has announced the acquisition of Semmle, a code analysis tool that allows developers to detect potential and critical security vulnerabilities in code.

The financial terms of the transaction have not been disclosed by the two companies. Nevertheless, GitHub intends to make Semmle’s automated code review products available through its GitHub Actions tool.

Founded in 2006, Semmle claims that its products and technologies have been used by NASA, Uber, Google and Microsoft to improve their cybersecurity posture.

‘Open source has had a remarkable track record over the past 20 years. Today, almost all software from any vendor or community includes open source code in its supply chain. We all benefit from the open source model and we all have a role to play in the success of open source for the next 20 years,’ says GitHub in a blog article. ‘These two announcements are part of our broader strategy to secure the global code.’

‘We are very pleased to be joined by Semmle’s team and to welcome their world-renowned security engineers and researchers to GitHub. Together, we will bring their work to all open source communities and our customers. As a community of developers, maintenance managers and security researchers, we can all collaborate to create a more secure software,’ GitHub adds.

GitHub relies on source code security

GitHub, recently acquired by Microsoft, has recently focused a lot on security features. This new acquisition of Semmle is therefore entirely logical. The company will host a security webinar on 3 October, where it will share more about what to expect from Semmle and GitHub.

It should be recalled that GitHub has recently been the subject of severe criticism due to a series of data violations. Canonical, the manufacturer of the Ubuntu operating system, recently revealed that it had been attacked by hackers. In an official statement, the company said that hackers had compromised its GitHub account, the source code sharing platform, on 6 July 2019 and created 11 new repositories. It is believed that the attackers have no access to any sensitive information or manipulated source code.

GitHub faced a similar problem when a Chinese drone manufacturer, Da-Jiang Innovations, found itself in the cybersecurity category following a bug bounty issue. On 21 November 2017, Kevin Finisterre, an independent security researcher, said he found a private key published on the GitHub code sharing platform, after which he was able to access confidential and sensitive information about his customers and saw ‘unencrypted flight logs containing driver’s licences and identity cards’.

GitHub’s acquisition of Semmle, aimed at strengthening the security of the Microsoft subsidiary, will likely result in the integration of the company’s technology into GitHub. However, Semmle’s current services and customers will remain unchanged. In fact, the company says it will now be able to better serve its customers through its stake in GitHub. Existing Semmle products will work as before, but they’ll have new features with tight integration for GitHub.

Semmle engineers will join GitHub security engineers in this acquisition. ‘Software security is a community effort. No company can find all the vulnerabilities or secure the open source supply chain behind everyone’s code. Semmle’s community-based approach to identifying and preventing security vulnerabilities is the best way forward,’ says Nat Friedman, CEO of GitHub.

All this means that when open source code is in a GitHub repository, users can have reasonable confidence in security. What do you think about this?

Follow eXo Platform’s board Cartoon of the Week on Pinterest.

Brahim Jaouane

I am a Digital Marketing specialist specialized in SEO at eXo Platform. Passionate about new technologies and Digital Marketing. With 10 years' experience, I support companies in their digital communication strategies and implement the tools necessary for their success. My approach combines the use of different traffic acquisition levers and an optimization of the user experience to convert visitors into customers. After various digital experiences in communication agencies as well as in B2B company, I have a wide range of skills and I am able to manage the digital marketing strategy of small and medium-sized companies.