
GitHub hosts more than 56 million developers in 2020

07 Dec 2020

More than 56 million developers have been busy building projects on the now Microsoft-owned platform GitHub - and those developers have added more than 1.9 billion contributions, as well as more than 60 million repositories.

GitHub’s 2020 State of the Octoverse report crunched the numbers to find out how the year has unfolded for its massive global community.

The top development languages this year are JavaScript, Python, Java, C#, PHP, C++, C, Shell, Ruby, and Objective-C.

“We see increased development work—both time spent and amount of work—across all time zones we investigate. It’s unclear if developers are taking advantage of flexible work schedules, or stretching the same amount of work over a longer period of time. However, in some cases work volume increases. Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity,” GitHub says.

One of the major focal points this year is security in open source. According to the report, upwards of 90% of projects rely on open source components from ecosystems such as JavaScript, Ruby, and .NET. Taken together with the number of dependencies involved (an average of 700), any security issue in the supply chain can have a major effect on many parts of a project.

However, most security vulnerabilities are not deliberately malicious but are instead mistakes. GitHub says that of the CVEs it flags, 83% are due to mistakes, not malicious intent.

Further, 17% of vulnerabilities were classed as malicious, yet they triggered a mere 0.2% of all alerts. These malicious vulnerabilities include backdoors and bugdoors (bugs planted deliberately to serve as backdoors), which can be hard for developers to spot.

GitHub’s Securing The World’s Software sub-report states, “The last line of defence against these backdoor attempts is careful peer review in the development pipeline, especially of changes from new committers. Many mature projects have this careful peer review in place. Attackers are aware of that, so they often attempt to subvert the software outside of version control at its distribution points or by tricking people into grabbing malicious versions of the code through, for example, typosquatting a package name.”

In some projects, security vulnerabilities can remain undetected for four years; however, once handed over to the package maintainer and the security community, a patch or fix can be created in just over four weeks.

The report suggests that developers:

  • Regularly check dependencies for vulnerabilities.
  • Fix vulnerabilities quickly and maintain a current code base.
  • Use automation to remediate vulnerabilities and protect security.
  • Participate in the community if they have a security team.
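The advice above (check dependencies regularly, automate remediation, and watch for typosquatted package names, as the sub-report warns) can be turned into a small automated audit. The following is an added example, not GitHub's or the report's code; the advisory entries, the allowlist of well-known names, and the sample dependency manifest are all constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed advisory feed (not a real one): package -> (vulnerable from,
# fixed in) version pairs, lower bound inclusive, upper bound exclusive.
ADVISORIES = {
    "left-pad-utils": [("1.0.0", "1.3.0")],
    "fast-json-parse": [("0.1.0", "2.0.1")],
}
# Constructed allowlist of well-known package names, used to spot look-alikes.
KNOWN_GOOD = {"lodash", "express", "request", "left-pad-utils", "fast-json-parse"}

def parse_version(v):
    return tuple(int(x) for x in v.split("."))

def vulnerable(name, version):
    """Return the fixed version if (name, version) falls in an advisory range, else None."""
    for lo, fixed in ADVISORIES.get(name, []):
        if parse_version(lo) <= parse_version(version) < parse_version(fixed):
            return fixed
    return None

def typosquat_candidate(name, threshold=0.85):
    """Return a known package this unknown name closely resembles, else None."""
    if name in KNOWN_GOOD:
        return None
    best = max(KNOWN_GOOD, key=lambda k: SequenceMatcher(None, name, k).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= threshold else None

def audit(dependencies):
    """dependencies: {name: version}. Returns (name, kind, detail) findings, sorted by name."""
    findings = []
    for name, version in sorted(dependencies.items()):
        fixed = vulnerable(name, version)
        if fixed:
            findings.append((name, "vulnerable", f"{version} -> upgrade to {fixed}"))
        look_alike = typosquat_candidate(name)
        if look_alike:
            findings.append((name, "typosquat?", f"resembles {look_alike}"))
    return findings
# Constructed lockfile contents standing in for a real package manifest.
SAMPLE_DEPENDENCIES = {
    "lodash": "4.17.20",
    "left-pad-utils": "1.2.4",   # inside the advisory range
    "fast-json-parse": "2.0.1",  # exactly the fixed version: not flagged
    "expresss": "4.17.1",        # one letter off a well-known name
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEPENDENCIES):
        print(*finding)
```

Running this in CI on every dependency change is the kind of automation the report recommends; a real deployment would replace the constructed advisory feed and allowlist with a maintained vulnerability database and the project's approved package list.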