GitHub, With Microsoft And OpenAI, Leads The Charge In Secure Software Development

GitHub, in collaboration with Microsoft and OpenAI, has big plans to change the way people write and build software. With 100 million developers and 330 million code repositories,  GitHub is one of the most important companies of the 21st century that folks who aren’t developers don’t know much about. However, there is a bit of open-source software in pretty much everything, and GitHub is a critical source of code that the world’s developer community has used to build a plethora of products.

GitHub is also playing a key role in the emerging technologies at the bleeding edge of the generational shift in tech. In a recent interview with ET Prime, Mike Hanley, Chief Security Officer and Senior Vice-President of Engineering at GitHub, discussed the role that GitHub plays in the AI ecosystem and how it envisions a more secure world of coding.

GitHub is building experiences off of the first two pieces (models and infrastructure) for developers and users. For example, GitHub Copilot for AI-assisted development is an extremely exciting development for the developer tool space that is going to change the way people write and build software. GitHub believes that security really starts with the developer. Data tells us that the vast majority of developers are not security experts. Therefore, there’s a massive shortfall in cybersecurity talent globally. GitHub's central goal is to build security assurance right from the start.

GitHub invests in building those lower layers of the stack so that if you’re a developer, you can focus on the higher-level value that you want to add to your customer. From a security perspective, the goal is to ask how development can move quickly while putting in the right safety mechanisms and guardrails to assure that the services and capabilities being built are secure and can be operated securely.

For example, one of GitHub's guardrails is when they deploy things to their cloud infrastructure. They want to make sure that it’s running on a container that meets all of their security standards, which means that it's enrolled in all of their telemetry capabilities, and meets all the baselines and audit-compliance requirements.

GitHub is making two-factor authentication (2FA) mandatory because it's the right thing to do for the broader ecosystem. In the IT space, zero trust has been all the rage for six or seven years. However, the incentive structure generally isn't there for people to opt-in to 2FA. If an account is compromised, the consequences are typically borne downstream by consumers of the software that's being built and shipped. As a platform, GitHub can assert good hygiene and is putting a lot of effort into making it a good experience. However, you have to use 2FA because the broader effects and benefits to the ecosystem outweigh any additional friction that an individual needs to bear on that front.

Security at GitHub is enabled right from the start, rather than being baked in or slapped on at the end. The culture that GitHub fosters a healthier environment and approach to security, which matters a lot. Peter Drucker said that culture eats strategy for breakfast. In this case, security culture eats security strategy for breakfast. GitHub has a unique opportunity because it has Copilot for AI-assisted development, as well as a set of security products to help with things like code scanning. This gives developers a platform-wide view of capabilities that impact the entire timeline of the software-development lifecycle.

The White House Open Source Security Summit, which took place at the end of 2021, brought together many companies that have a role to play in open source to discuss the topic of establishing liability for software products and services. This dialogue between the private sector and the US government is a positive step towards ensuring software security and reliability.

While liability may be a new concept in the software development industry, it has been a long-standing practice in other industries. The introduction of liability for software products and services will mean that software developers will need to adhere to stricter regulations and standards and be held accountable for any harm caused by their software.

According to Mike Hanley, Chief Security Officer and Senior Vice-President of Engineering at GitHub, the establishment of liability for software products and services will have a trickle-down effect on developers, as federal regulations and laws typically show up in the form of rules around the purchase and acquisition of technology. This means that developers will need to ensure that their software meets these regulations and standards to remain competitive in the market.

The security of software products and services has become increasingly important in recent years, with the rise of cyber-attacks and data breaches. In response, GitHub has made two-factor authentication (2FA) mandatory for all users to enhance security on the platform. This move from an opt-in to a mandatory 2FA strategy is part of GitHub's efforts to build security assurance right from the start and to make development move quickly while ensuring that the services and capabilities being built are secure and can be operated securely.

GitHub's approach to security is unique, with engineering and security being led by the same person. This is because GitHub believes that security starts with the developer and that the more programming and security experiences can be brought together, the more seamless it is for developers to build secure software. Hanley helps to build guardrails and paved paths to enable more work to get done more quickly and correctly, without the need for a security engineer to constantly monitor the development process.

GitHub is also playing a key role in the emerging technologies of artificial intelligence (AI) and machine learning (ML). With ChatGPT and OpenAI, Microsoft and GitHub are developing new models that will change the way people write and build software. GitHub Copilot, for example, is an AI-assisted development tool that will change the way developers write and build software. This tool provides suggestions for code that is more secure than what a developer might have written on their own, helping to prevent common mistakes that could otherwise become vulnerabilities.

As software continues to "eat the world," GitHub remains one of the most important companies of the 21st century. With 100 million developers and 330 million code repositories, GitHub is a critical source for code that the world's developer community has built a plethora of products. While it has had its share of controversies, GitHub continues to be the most important resource that developers across the world use for work.

In conclusion, GitHub's unique position in the software development industry, as well as its initiatives towards security and liability, is making it a leader in the field. By making security assurance a top priority, GitHub is building a safer and more reliable ecosystem for software development. The platform's involvement in emerging technologies such as AI and ML is also helping to change the way developers write and build software, making it faster, more efficient, and more secure than ever before.