GitHub announced at a global developer conference that it has launched a new community program called the Security Lab. As part of this program, GitHub not only open-sourced the code analysis engine CodeQL but also set up a vulnerability reward program with rewards of up to $3,000.
CodeQL is a new open-source tool just launched by GitHub. It is a semantic code analysis engine designed to find variants of the same vulnerability across a large amount of code. CodeQL can help us find vulnerabilities across code bases: it lets us query code like data, write queries that find all variants of a vulnerability and eliminate them permanently, and share those queries to help others eliminate the same vulnerabilities.
The mission of the GitHub Security Lab is to inspire and empower the global security research community to secure the world's code. It is intended to further address code security challenges, fill the gaps in open source communities, and lay a good foundation for high-quality code contributions from those communities. The program has also received support from many major companies, including Microsoft, Google, Intel, etc.