GitHub patches 4 million vulnerabilities in half a million repositories


GitHub announced that its dependency alerts have flagged more than 4 million vulnerabilities across more than 500,000 repositories.

In 2017 the code-hosting site began scanning the Ruby and JavaScript dependencies of hosted projects for known Common Vulnerabilities and Exposures (CVEs), according to a March 21 blog post. Dependencies are tracked through the company's Dependency Graph, which matches each project's declared packages and pinned versions against the known vulnerabilities.
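As an added illustration of the kind of matching the paragraph above describes (example code written for this page, not GitHub's Dependency Graph implementation): the script below reads a constructed package-lock.json fragment and a constructed Gemfile.lock fragment, then compares each pinned version against a constructed advisory list. Every package name, version and HYPOTHETICAL-* identifier is a placeholder and refers to no real software or CVE. Versions are compared numerically, which is exactly where a naive string comparison goes wrong ("1.10.0" sorts below "1.9.0" as text).

```python
# Added example: a minimal dependency-vs-advisory matcher. Not GitHub's code.
# All package names, versions and advisory identifiers are constructed.
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """One entry in a hypothetical advisory database."""
    advisory_id: str    # placeholder identifier, not a real CVE number
    ecosystem: str      # "npm" or "rubygems"
    package: str
    introduced_at: str  # first affected version (inclusive)
    fixed_in: str       # first patched version (exclusive)


def parse_version(version: str) -> tuple:
    """'1.10.0' -> (1, 10, 0) so versions compare numerically, not as text.

    Pre-release/build suffixes ('-beta.1', '+sha') are dropped for brevity.
    """
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    parts = []
    for piece in core.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str, advisory: Advisory) -> bool:
    """True when introduced_at <= version < fixed_in."""
    v = parse_version(version)
    return parse_version(advisory.introduced_at) <= v < parse_version(advisory.fixed_in)


def parse_package_lock(text: str) -> list:
    """Pinned npm packages from a lockfileVersion 1 package-lock.json."""
    data = json.loads(text)
    return [("npm", name, info["version"])
            for name, info in data.get("dependencies", {}).items()]


# In Gemfile.lock, resolved gems sit under "specs:" indented by four spaces as
# "name (version)"; their sub-dependencies are indented by six and are skipped.
GEM_SPEC_LINE = re.compile(r"^ {4}(\S+) \(([^()]+)\)$")


def parse_gemfile_lock(text: str) -> list:
    """Pinned RubyGems packages from a Gemfile.lock."""
    deps = []
    for line in text.splitlines():
        match = GEM_SPEC_LINE.match(line)
        if match:
            deps.append(("rubygems", match.group(1), match.group(2)))
    return deps


def match_advisories(deps: list, advisories: list) -> list:
    """Return one (ecosystem, package, version, advisory_id, fixed_in) per hit."""
    by_key = {}
    for adv in advisories:
        by_key.setdefault((adv.ecosystem, adv.package), []).append(adv)
    hits = []
    for ecosystem, name, version in deps:
        for adv in by_key.get((ecosystem, name), []):
            if is_vulnerable(version, adv):
                hits.append((ecosystem, name, version, adv.advisory_id, adv.fixed_in))
    return hits


# Constructed sample inputs; none of these packages exist.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 1,
    "dependencies": {
        "example-left-pad": {"version": "1.10.0"},
        "example-templating": {"version": "4.0.9"},
    },
})

SAMPLE_GEMFILE_LOCK = """GEM
  remote: https://rubygems.org/
  specs:
    example-xml (1.8.1)
      example-portile (~> 2.3.0)
    example-web (2.0.3)

DEPENDENCIES
  example-web
  example-xml
"""

# Constructed advisory database with placeholder identifiers.
SAMPLE_ADVISORIES = [
    Advisory("HYPOTHETICAL-0001", "npm", "example-templating", "4.0.0", "4.1.0"),
    Advisory("HYPOTHETICAL-0002", "rubygems", "example-xml", "1.0.0", "1.8.2"),
    # 1.10.0 is newer than the fix in 1.9.0, so this one must NOT match.
    Advisory("HYPOTHETICAL-0003", "npm", "example-left-pad", "1.0.0", "1.9.0"),
]


def scan_sample() -> list:
    deps = parse_package_lock(SAMPLE_PACKAGE_LOCK) + parse_gemfile_lock(SAMPLE_GEMFILE_LOCK)
    return match_advisories(deps, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for eco, name, version, adv_id, fixed in scan_sample():
        print(f"{eco}: {name} {version} is affected by {adv_id}; upgrade to >= {fixed}")
```

Running it reports two hits (example-templating 4.0.9 and example-xml 1.8.1) and correctly leaves example-left-pad 1.10.0 alone, because the tuple comparison ranks (1, 10, 0) above (1, 9, 0). A real matcher would also have to handle version-range operators in manifests, pre-release ordering and transitive dependencies that a lockfile resolves but a manifest never names.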

Shortly after launch, GitHub said, 450,000 of the identified flaws had been resolved by 1 December 2017, and about 30 percent of newly detected vulnerabilities are now resolved within seven days of detection.

“Additionally, 15 percent of alerts are dismissed within seven days—that means nearly half of all alerts are responded to within a week,” the company said. “Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days.”

Maintainers of almost all repositories with recent contributions are patching flagged vulnerabilities in fewer than seven days. GitHub emphasized that it never publicly discloses the vulnerabilities it identifies in any repository. Vulnerable-dependency detection is enabled by default for public repositories; owners and admins of private repositories can opt in.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition