SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
GitHub hosts more than 56 million developers in 2020
Mon, 7th Dec 2020

More than 56 million developers have been busy building projects on the now Microsoft-owned platform GitHub - and those developers have added more than 1.9 billion contributions, as well as more than 60 million repositories.

GitHub's 2020 State of the Octoverse report crunched the numbers to find out how the year has unfolded for its massive global community.

The top development languages this year include JavaScript, Python, Java, C#, PHP, C++, C, Shell, Ruby, and Objective-C.

“We see increased development work—both time spent and amount of work—across all time zones we investigate. It's unclear if developers are taking advantage of flexible work schedules, or stretching the same amount of work over a longer period of time. However, in some cases work volume increases. Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity,” GitHub says.

One of the major focal points this year is security in open source. According to the report, upwards of 90% of projects rely on open source components, across ecosystems such as JavaScript, Ruby, and .NET. Combined with the number of dependencies a typical project carries (an average of 700), any security issue in the supply chain can affect many different parts of a project.

Most security vulnerabilities, however, are not deliberately malicious but are mistakes: GitHub says that of the CVEs it flags, 83% are due to errors rather than malicious intent.

The remaining 17% of vulnerabilities were classed as malicious, yet they triggered a mere 0.2% of all alerts. These malicious vulnerabilities include bugdoors and backdoors, which are often hidden from developers.

GitHub's Securing The World's Software sub-report states, “The last line of defence against these backdoor attempts is careful peer review in the development pipeline, especially of changes from new committers. Many mature projects have this careful peer review in place. Attackers are aware of that, so they often attempt to subvert the software outside of version control at its distribution points or by tricking people into grabbing malicious versions of the code through, for example, typosquatting a package name.”

In some projects, security vulnerabilities can remain undetected for four years. However, once a vulnerability is handed over to the package maintainer and the security community, a patch or fix can be created in just over four weeks.

The report suggests that developers:

  • Regularly check dependencies for vulnerabilities
  • Fix vulnerabilities quickly and keep the code base current
  • Use automation to remediate vulnerabilities and protect security
  • Participate in the security community if their organisation has a security team
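One defensive check that follows from the first recommendation and from the report's warning about typosquatted package names, added here as an example and not taken from GitHub's report: flag declared dependencies whose names sit one edit (including a swapped pair of letters) away from a well-known package without being that package. The popular-package list and the dependency names are constructed for the example; in practice the list would come from registry download statistics.

```python
# Constructed list of well-known package names (assumption: a real list would be
# drawn from the registry's most-downloaded packages).
POPULAR = {"lodash", "express", "request", "react", "moment"}

# Constructed dependency names, as they might appear in a project's package.json.
SAMPLE_DEPENDENCIES = ["lodahs", "express", "reqeust", "react", "chalk"]


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertion, deletion, substitution and the
    transposition of two adjacent characters (optimal string alignment)."""
    prev2, prev1 = None, list(range(len(b) + 1))   # rows d[i-2] and d[i-1]
    for i, ca in enumerate(a, 1):
        cur = [i]                                   # d[i][0]: delete i chars
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev1[j] + 1,                # deletion
                       cur[j - 1] + 1,              # insertion
                       prev1[j - 1] + cost)         # substitution / match
            # Adjacent transposition: a[i-1]a[i] == b[j]b[j-1] (1-based)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev1 = prev1, cur
    return prev1[-1]


def typosquat_candidates(dependencies, popular=POPULAR, max_distance=1):
    """Return (dependency, lookalike) pairs for names that are within
    max_distance edits of a popular package but are not that package.
    Exact matches are trusted and skipped; everything else is compared."""
    hits = []
    for dep in dependencies:
        if dep in popular:
            continue
        for known in sorted(popular):
            if damerau_levenshtein(dep, known) <= max_distance:
                hits.append((dep, known))
    return hits


if __name__ == "__main__":
    for dep, lookalike in typosquat_candidates(SAMPLE_DEPENDENCIES):
        print(f"review dependency {dep!r}: one edit away from {lookalike!r}")
```

A hit is a prompt for review, not proof of malice; the same check also catches honest misspellings that would otherwise resolve to nothing or to an unrelated package.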