IT Brief Asia

GitHub Advisory Database opens to community contributions

By Shannon Williams
Thu 24 Feb 2022

GitHub has announced the GitHub Advisory Database is now open to community contributions, allowing anyone to contribute security information to advisories to better secure software supply chains.

The world of open source security is fast moving, GitHub says, with new vulnerabilities and different attack vectors driving the community to continuously seek to learn more. GitHub has teams of security researchers who review all changes and help keep security advisories up to date, but community members often have additional insights and intelligence on CVEs and no place to share that knowledge.

GitHub is publishing the full contents of the Advisory Database to a new public repository to make it easier for the community to benefit from this data, and has also built a user interface for making contributions. The data is licensed under a Creative Commons license, and has been since the database's inception, making it forever free and usable by the community.

The GitHub Advisory Database is the largest database of vulnerabilities in software dependencies in the world. It is maintained by a dedicated team of full-time curators and powers the security audit experience for npm and NuGet, as well as GitHub's own Dependabot alerts. By making the database easier to contribute to and consume, GitHub says it hopes it will power more experiences and further help improve the security of all software.

How to contribute to a security advisory
With community contributions, security researchers, academics, and enthusiasts will now be able to provide additional information and context to further the community's understanding and awareness of security advisories. To provide a community contribution to a security advisory, navigate to the advisory to which you wish to contribute and submit your research through the "suggest improvements for this vulnerability" workflow.

To complete your submission, the form will walk you through opening a pull request that details your suggested changes. Once the pull request is open, security researchers from the GitHub Security Lab, as well as the maintainer of the project who filed the CVE (if known), will be able to review your request. Contributors will get public credit on their GitHub profile once their contribution is merged!

Advisory Database format
In the spirit of furthering interoperability, advisories in the GitHub Advisory Database repository use the Open Source Vulnerabilities (OSV) format. "In order for vulnerability management in open source to scale, security advisories need to be broadly accessible and easily contributed to by all," said Oliver Chang, software engineer for Google's Open Source Security Team. "OSV provides that capability."
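As an added illustration, not part of GitHub's announcement or of the Advisory Database repository itself, the following Python checks whether a dependency version falls under a constructed OSV-format advisory, which is the kind of matching a tool consuming the repository would perform. The field names (id, aliases, affected, package, ranges, events, versions) follow the OSV schema; the GHSA id, CVE alias, package name and version numbers are placeholders, and the version ordering is a simplified dotted-number comparison rather than any ecosystem's real rules.

```python
import json

# Constructed sample advisory in OSV format. The field names follow the OSV
# schema; the GHSA id, CVE alias, package name and version numbers are
# placeholders, not a real advisory.
SAMPLE_ADVISORY = json.dumps({
    "schema_version": "1.2.0",
    "id": "GHSA-xxxx-xxxx-xxxx",
    "aliases": ["CVE-0000-00000"],
    "summary": "Constructed example advisory",
    "affected": [
        {
            "package": {"ecosystem": "npm", "name": "example-package"},
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {"introduced": "1.2.0"},
                        {"fixed": "1.4.1"},
                    ],
                }
            ],
            # OSV also allows an explicit list of affected versions.
            "versions": ["1.2.0", "1.3.0", "1.4.0"],
        }
    ],
})


def parse_version(version):
    """Turn a dotted version such as "1.4.1" into a comparable tuple.

    Simplification: real ecosystems (npm semver, NuGet, PyPI) have their own
    ordering rules, pre-release tags and build metadata. The OSV "0" sentinel,
    meaning "every version before the first fix", parses to (0,).
    """
    return tuple(int(part) for part in version.split("."))


def version_in_range(version, rng):
    """Check one OSV range object.

    Events are processed in order: "introduced" opens an affected interval,
    "fixed" closes it exclusively and "last_affected" closes it inclusively.
    An "introduced" with no closing event means every later version is affected.
    """
    v = parse_version(version)
    lower = None
    for event in rng.get("events", []):
        if "introduced" in event:
            lower = parse_version(event["introduced"])
        elif "fixed" in event:
            if lower is not None and lower <= v < parse_version(event["fixed"]):
                return True
            lower = None
        elif "last_affected" in event:
            if lower is not None and lower <= v <= parse_version(event["last_affected"]):
                return True
            lower = None
    return lower is not None and v >= lower


def is_affected(advisory_json, ecosystem, name, version):
    """Return True if (ecosystem, name, version) falls under the advisory."""
    advisory = json.loads(advisory_json)
    for affected in advisory.get("affected", []):
        package = affected.get("package", {})
        if package.get("ecosystem") != ecosystem or package.get("name") != name:
            continue
        if version in affected.get("versions", []):
            return True
        for rng in affected.get("ranges", []):
            # SEMVER and ECOSYSTEM ranges carry version strings; GIT ranges
            # carry commit hashes and need repository history to evaluate.
            if rng.get("type") in ("ECOSYSTEM", "SEMVER") and version_in_range(version, rng):
                return True
    return False


def cve_aliases(advisory_json):
    """List the CVE identifiers the advisory is cross-referenced to."""
    advisory = json.loads(advisory_json)
    return [alias for alias in advisory.get("aliases", []) if alias.startswith("CVE-")]


if __name__ == "__main__":
    for candidate in ("1.1.9", "1.2.0", "1.3.5", "1.4.1"):
        print(candidate, is_affected(SAMPLE_ADVISORY, "npm", "example-package", candidate))
    print(cve_aliases(SAMPLE_ADVISORY))
```

The "fixed" bound is exclusive and "last_affected" inclusive, as the OSV schema defines them; getting that boundary wrong is what produces a false negative on the first patched release, so a real consumer should also plug in the ecosystem's own version comparison instead of the dotted-number shortcut used here.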

Learn more about GitHub supply chain security
The GitHub Advisory Database is the foundation of GitHub's supply chain security capabilities, including Dependabot alerts and Dependabot security updates. If you have a security vulnerability in an open source repository that you maintain, the built-in security advisories feature in every GitHub open source repository can help.
