
Here's the broader security strategy post from GitHub, "Securing software, together": https://github.com/features/security

It looks like GitHub is making a definite play into the security space. The above post mentions vulnerability detection (a la SourceClear or r2c), collaboration between reporters and maintainers (a la HackerOne), automated dependency updating (a la PyUp and others), automated token scanning (a la TruffleHog), CVE creation and more.

This makes sense as GitHub is uniquely positioned to do a lot of this work better and more efficiently than the disparate set of tools and companies relying on their functionality. This feels like a page out of the AWS playbook as far as letting others build on top of your functionality, see what people like, then doing it yourself, but better.


