GitHub opens advisory database to open source contributors

Hello and welcome to Protocol Enterprise! Today: why GitHub is opening its security database to the public, Microsoft’s new “Singularity” AI research computing project, and some of the biggest recent funding deals in enterprise technology.

Twirl up

Cloud infrastructure service providers offer a dizzying array of options, which is both a blessing and a curse for their customers. More than half of cloud customers said they find choosing the right service to be the hardest part of controlling cloud costs.

With a little help from our friends

We have known about the shaky foundations of open source software security for years, but following the discovery of the Log4j vulnerability last year, we’re starting to see more action.

After the Biden administration brought together leaders from across the enterprise technology and open source software communities to discuss how to improve open source security, new initiatives from the Linux Foundation, Google, Microsoft, and npm have all targeted the need for better security hygiene within open source software. On Tuesday, npm’s parent company, GitHub, made some changes to its database of known vulnerabilities that could give developers better access to information in their daily workflow and an opportunity to share useful details with colleagues.

  • GitHub’s advisory database is now open for contributions from developers who want to share detailed information about software vulnerabilities, such as affected versions.
  • The Microsoft-owned coding repository has also released the “full content” of this database in a new format that will be available under a very permissive license, it said in a blog post.
  • “Thanks to community contributions, security researchers, academics, and enthusiasts will now be able to provide additional information and context to deepen the community’s understanding and awareness of security advisories,” Kate Catlin from GitHub wrote in the post.

For more than 20 years, the CVE list has been the gold standard for official information about security vulnerabilities, but that information goes through a deliberate process.

  • Whenever a critical software vulnerability is discovered, it triggers a race between users of that software scrambling to defend themselves and hackers determined to exploit the vulnerability.
  • GitHub users closer to the action don’t have the authority of an organization like CVE, but they often have tips and tricks that might help users determine if they’re affected by the vulnerability and what measures to take.
  • An internal GitHub team will still review submissions to guard against the expected insanity that always accompanies allowing the public to post things to the internet, and they will also use the Open Source Vulnerabilities format, which allows computers to read and process the lists.

While the new venture appears to be a good faith effort by GitHub to help find ways to improve a huge industry-wide problem, it’s hard to forget that it also contributes to GitHub’s long-term vision of being the central tool in a software developer’s toolbox.

  • Developers have plenty of information resources at their disposal, but it’s not hard to imagine that information presented alongside their day-to-day coding tasks would reduce the incentive to go elsewhere.
  • Nevertheless, given the extent to which enterprise technology relies on open source software to run its operations, more sources of information about security vulnerabilities are always helpful.
  • “By making it easier to contribute and consume, we hope it will fuel even more experiences and further contribute to improving the security of all software,” Catlin wrote.

—Tom Krazit



Microsoft wants to achieve singularity at a lower cost

When used in relation to AI, the term “singularity” usually refers to a futuristic time when artificial intelligence will become so advanced that it will surpass human intelligence, presaging death for us everyday brains. That’s not the case at Microsoft, where the company has developed a “Singularity” team that’s building what the company calls a “planet-scale” AI supercomputer.

The company unveiled Singularity, a globally distributed workload scheduling service for deep learning, in a research paper that highlighted the need to reduce the cost of building deep learning systems, which require huge volumes of data and computing power. Several researchers from Microsoft divisions, including Azure, have written that the scheduler can anticipate and elastically scale deep learning workloads without affecting accuracy or performance.

As we move away from deep learning powered by massive datasets, companies like Meta, Facebook’s parent company, and Microsoft are building infrastructure to enable the development of AI that requires gargantuan amounts of information and processing power. Whether their endgame is the Singularity in the classic sense, we’ll have to wait and see.

-Kate Kaye

Coming to Protocol

It’s never been easier to use multiple cloud providers for modern technology infrastructure needs, but should you use multiple cloud providers? Join our panel of experts next Wednesday, March 2 at 10:00 a.m. PT to learn more about the pros and cons of multicloud computing and how enterprises should consider their options as the market evolves.

Protocol’s Tom Krazit will moderate the discussion with Priyanka Sharma, Executive Director of the Cloud Native Computing Foundation; Paul Cormier, CEO, Red Hat; and David Linthicum, Director of Cloud Strategy, Deloitte.



Thanks for reading – see you tomorrow!