GitHub acquires code analysis platform company Semmle to find zero-day vulnerabilities
GitHub announced the acquisition of a code analysis platform company called Semmle. Semmle is dedicated to finding zero-day vulnerabilities and automating the analysis of their variants. Semmle’s semantic code analysis engine allows developers to write queries, identify programming patterns in large codebases, and search for vulnerabilities and their variants. Semmle has previously been used by Google, Uber, Microsoft and many open-source project developers to improve the security of their products and services.
Microsoft said the acquisition will help Semmle attract more developers. In the next few months, you can expect deeper integration between Semmle and the GitHub product line.
Security researchers use Semmle to quickly find vulnerabilities in code with simple declarative queries. These teams then share their queries with the Semmle community to improve the safety of code in other codebases. Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward. – Nat Friedman from Microsoft.
Via: MSPU