
GitHub hosts more than 56 million developers in 2020

07 Dec 2020

More than 56 million developers have been busy building projects on the now Microsoft-owned platform GitHub - and those developers have added more than 1.9 billion contributions, as well as more than 60 million repositories.

GitHub’s 2020 State of the Octoverse report crunched the numbers to find out how the year has unfolded for its massive global community.

The top development languages this year include JavaScript, Python, Java, C#, PHP, C++, C, Shell, Ruby, and Objective-C.

“We see increased development work—both time spent and amount of work—across all time zones we investigate. It’s unclear if developers are taking advantage of flexible work schedules, or stretching the same amount of work over a longer period of time. However, in some cases work volume increases. Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity,” GitHub says.

One of the report's major focal points this year is security in open source. According to the report, upwards of 90% of projects rely on open source components, across ecosystems such as JavaScript, Ruby, and .NET. Combined with the number of dependencies a typical project carries (an average of 700), any security issue in the supply chain can ripple through many parts of a project.

However, most vulnerabilities are not introduced deliberately; they are mistakes. GitHub says that of the CVEs it flags, 83% stem from errors rather than malicious intent.

The remaining 17% of vulnerabilities were classed as malicious, yet they triggered a mere 0.2% of all alerts. These include backdoors and "bugdoors" (bugs planted deliberately so they can be exploited later), both of which are typically written to escape a developer's notice.

GitHub’s Securing The World’s Software sub-report states, “The last line of defence against these backdoor attempts is careful peer review in the development pipeline, especially of changes from new committers. Many mature projects have this careful peer review in place. Attackers are aware of that, so they often attempt to subvert the software outside of version control at its distribution points or by tricking people into grabbing malicious versions of the code through, for example, typosquatting a package name.”

In some projects, a security vulnerability can remain undetected for four years. Once it is handed over to the package maintainer and the security community, however, a patch or fix is typically created in just over four weeks.

The report suggests that developers:

  • regularly check dependencies for vulnerabilities;
  • fix vulnerabilities quickly and keep the code base current;
  • use automation to remediate vulnerabilities and protect security; and
  • participate in the security community, particularly if they have a security team.
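The first recommendation above, checking pinned dependencies against known advisories, and the typosquatting risk GitHub's sub-report describes both come down to the same small audit step. The script below is an added example, not code from the Octoverse report or from GitHub's own tooling: it parses a pip-style lockfile, flags pins that fall inside a vulnerable version range, and flags names within one edit of a well-known package. The lockfile, the advisory entries and the popular-package list are all constructed for illustration, and the advisories are hypothetical rather than real CVEs.

```python
"""Minimal dependency audit (added example; all data below is constructed)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed pip-style lockfile, not real project data.
LOCKFILE = """\
requests==2.19.1
reqeusts==2.25.0
PyYAML==5.3
urllib3==1.26.5
"""


@dataclass(frozen=True)
class Advisory:
    package: str      # package name, normalised on lookup
    introduced: str   # first vulnerable version (inclusive)
    fixed: str        # first fixed version (exclusive); "" means no fix yet
    summary: str


# Hypothetical advisories constructed for this example only, not real CVEs.
ADVISORIES = [
    Advisory("requests", "2.0.0", "2.20.0", "hypothetical: auth header leaked on redirect"),
    Advisory("pyyaml", "0", "5.4", "hypothetical: unsafe load path"),
]

# Constructed subset of well-known names to compare against for typosquats.
POPULAR = {"requests", "urllib3", "pyyaml", "numpy", "django", "flask"}


def normalise(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.19.1' -> (2, 19, 1). Non-numeric suffixes such as 'rc1' are dropped;
    pre-release ordering is not modelled, which is fine for exact release pins."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_in_range(v: str, introduced: str, fixed: str) -> bool:
    """True if introduced <= v < fixed; an empty 'fixed' means no upper bound."""
    pv = parse_version(v)
    if pv < parse_version(introduced):
        return False
    return fixed == "" or pv < parse_version(fixed)


def parse_lockfile(text: str) -> Dict[str, str]:
    """Map normalised package name -> pinned version; rejects unpinned lines."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency, audit needs exact pins: {line}")
        deps[normalise(name)] = version.strip()
    return deps


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (Levenshtein plus adjacent swaps),
    so a transposed pair such as 'reqeusts' vs 'requests' counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_vulnerable(deps: Dict[str, str], advisories) -> List[Tuple[str, str, str]]:
    """Pins that fall inside an advisory's vulnerable range."""
    hits = []
    for adv in advisories:
        pinned = deps.get(normalise(adv.package))
        if pinned is not None and version_in_range(pinned, adv.introduced, adv.fixed):
            hits.append((adv.package, pinned, adv.summary))
    return hits


def find_typosquats(deps: Dict[str, str], popular, max_distance: int = 1) -> List[Tuple[str, str]]:
    """Names that are not a known package but sit within max_distance edits of one."""
    known = {normalise(p) for p in popular}
    suspicious = []
    for name in deps:
        if name in known:
            continue
        for candidate in sorted(known):
            if osa_distance(name, candidate) <= max_distance:
                suspicious.append((name, candidate))
                break
    return suspicious


def audit(lockfile_text: str) -> Dict[str, list]:
    deps = parse_lockfile(lockfile_text)
    return {"vulnerable": find_vulnerable(deps, ADVISORIES),
            "suspicious": find_typosquats(deps, POPULAR)}


if __name__ == "__main__":
    report = audit(LOCKFILE)
    for pkg, ver, why in report["vulnerable"]:
        print(f"VULNERABLE {pkg}=={ver}: {why}")
    for name, looks_like in report["suspicious"]:
        print(f"SUSPICIOUS {name}: looks like {looks_like}")
```

Run it as-is and the constructed lockfile produces two vulnerable pins (requests 2.19.1 and PyYAML 5.3) and one suspicious name (reqeusts, one transposition away from requests). The edit-distance check is deliberately loose: it is a prompt for a human to look at the package before it is installed, which is the "careful peer review" the GitHub sub-report describes, not a verdict on its own.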