Recently, SciTechDaily covered r2c, a startup founded by MIT students, which has developed a new tool, Semgrep, that lets developers test-proof their applications against all publicly known hacks and threats out there. The tool is essentially a collection of prewritten rules that developers can apply directly to their code, or tweak to suit their needs.
Another initiative also made recent headlines: GitHub just opened up its Advisory Database to boost software supply chain security by gathering a community of involved developers around it. According to GitHub, its Advisory Database is the “largest database of vulnerabilities in software dependencies”. A user interface has been created to allow the community to submit new threat issues, and the GitHub Security Lab is in charge of reviewing those submissions.
For its part, the Linux Foundation has just launched the Open Source Security Foundation (OpenSSF), which aims to educate any developer working on an open source project about the wide array of security threats that exist. Those who complete the courses will receive the “Secure Software Development Fundamentals” certificate.
All these projects indicate that developers should stop worrying about security threats and instead rely on third-party providers, so that they can focus solely on coding their product without worrying about security. Security threats are not a thing of the past just yet, but in a world where anyone should be able to develop an application without coding knowledge, finding a way to live in a threat-free digital world is a fundamental prerequisite.