
Securing Software Together: GitHub and Semmle - archon810
https://blog.semmle.com/secure-software-github-semmle/
======
schwag09
Here's the broader security strategy post from Github, "Securing software,
together":
[https://github.com/features/security](https://github.com/features/security)

It looks like Github is making a definite play into the security space. The
above post mentions vulnerability detection (a la SourceClear or r2c),
collaboration between reporters and maintainers (a la HackerOne), automated
dependency updating (a la PyUp and others), automated token scanning (a la
TruffleHog), CVE creation and more.

This makes sense as Github is uniquely positioned to do a lot of this work
better and more efficiently than the disparate set of tools and companies
relying on their functionality. This feels like a page out of the AWS playbook
as far as letting others build on top of your functionality, see what people
like, then doing it yourself, but better.

