Source: GitHub Blog | Author: Nico Waisman
As security researchers, the GitHub Security Lab team embarks on an emotional journey every time a new vulnerability comes up: the excitement of starting new research, the disappointment of hitting a plateau, the energy it takes to stay focused, and, hopefully, the pure joy of getting tangible results after weeks or months of effort on a problem that seemed unsolvable.
Regardless of how proud you are of the results, do you ever get a nagging feeling that maybe you didn’t make enough of an impact? While single bug fixes are worthwhile in improving code, they are not sufficient to improve the security of the open source software (OSS) ecosystem as a whole. This holds true especially when you consider that software is always growing and changing—and as vulnerabilities are fixed, new ones are introduced.
Beyond single bug fixes
At GitHub, we host millions of OSS projects which puts us in a unique position to take a different approach with OSS security. We have the power and responsibility to make an impact beyond single bug fixes. This is why a big part of the GitHub Security Lab mission is to find ways to scale our vulnerability hunting efforts and empower others to do the same.
Our goal is to turn single vulnerabilities into hundreds, if not thousands, of bug fixes at a time. Enabled by the GitHub engineering teams, we aim to establish workflows that are open to the community that tackle vulnerabilities at scale on the GitHub platform.
Ultimately, we want to establish feedback loops with the developer and security communities, and act as security facilitators, all while working with the OSS community to secure the software we all depend upon.
We’re taking a deep dive into the remediation of a security vulnerability with CERT. Learn more about how we found ways to scale our vulnerability hunting efforts and empower others to do the same.