GitHub hosts more than 56 million developers in 2020

07 Dec 2020

More than 56 million developers have been busy building projects on the now Microsoft-owned platform GitHub - and those developers have added more than 1.9 billion contributions, as well as more than 60 million repositories.

GitHub’s 2020 State of the Octoverse report crunched the numbers to find out how the year has unfolded for its massive global community.

The top development languages this year include JavaScript, Python, Java, C#, PHP, C++, C, Shell, Ruby, and Objective-C.

“We see increased development work—both time spent and amount of work—across all time zones we investigate. It’s unclear if developers are taking advantage of flexible work schedules, or stretching the same amount of work over a longer period of time. However, in some cases work volume increases. Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity,” GitHub says.

One of the major focal points this year is security in open source. According to the report, upwards of 90% of projects rely on open source components, in ecosystems such as JavaScript, Ruby, and .NET. When considered together with the number of dependencies (an average of 700), any security issue in the supply chain can have a major effect on different parts of a project.

However, most security vulnerabilities are not deliberately malicious but are instead mistakes. GitHub says that of the CVEs that GitHub flags, 83% are due to mistakes - not malicious intent. 

Further, 17% of vulnerabilities were classed as malicious, yet they triggered a mere 0.2% of all alerts. These malicious vulnerabilities include bugdoors and backdoors, which can often be obscured from developers.

GitHub’s Securing The World’s Software sub-report states, “The last line of defence against these backdoor attempts is careful peer review in the development pipeline, especially of changes from new committers. Many mature projects have this careful peer review in place. Attackers are aware of that, so they often attempt to subvert the software outside of version control at its distribution points or by tricking people into grabbing malicious versions of the code through, for example, typosquatting a package name.”

In some projects, security vulnerabilities can remain undetected for four years. However, once a vulnerability is handed over to the package maintainer and the security community, a patch or fix can be created in just over four weeks.

The report suggests that developers:

  • Regularly check dependencies for vulnerabilities.
  • Fix vulnerabilities quickly and maintain a current code base.
  • Use automation to remediate vulnerabilities and protect security.
  • Participate in the community if developers have a security team.