back to article GitHub gobbles biz used by NASA, Google, etc to search code for bugs and security holes in Mars rovers, apps...

On Wednesday, Microsoft's GitHub said it has acquired Semmle, a San Francisco-based software analysis platform for finding vulnerabilities in code. No price was disclosed. GitHub CEO Nat Friedman said Semmle's code analysis engine provides developers with a way to write queries for code patterns and variations, which allows …

  1. elDog

    Does that mean that Microsoft will try to identify bugs before it releases its updates/patches?

    One can hope.

    But then all the Never On The First Tuesday admins won't have to wait to upgrade.

    1. Crazy Operations Guy

      Re: Does that mean that Microsoft will try to identify bugs before it releases its updates/patches?

      Probably looking at least a decade before that can happen, I worked with a company that got absorbed by Redmond, took several years before we were actually fully integrated into Redmond, then a few years before our products got absorbed into actual products. Before that, we were just kind of an independent company that happened to exist within Redmond.

      We were fairly small and the product we made was installed on massive number of Windows machines anyway to the point where our code might as well had shipped on the Windows install disks anyway. It still took 6 years for our code to actually ship with Windows instead of as a separate download. I shudder to think how long something as big and non-Microsofty as GitHub will take to integrate, let alone these new folks.

      1. Sandtitz Silver badge
        Holmes

        Re: Does that mean that Microsoft will try to identify bugs before it releases its updates/patches?

        Skype? Winternals? Frontpage? ...Bob?

        1. Crazy Operations Guy

          Re: Does that mean that Microsoft will try to identify bugs before it releases its updates/patches?

          A collection of very low latency I/O libraries that a -lot- of games and drivers used. Pretty much if you needed a user-mode bit of code to safely read/write from a peripheral's memory, we were your first stop. Our code eventually replaced a bunch of components of DirectX, and the Windows Driver Framework, and became part of Hyper-V.

          We were brought into the fold during the Longhorn development period in 2004 when they decided to reset all their development efforts. We were scooped up to save time in developing code that they had failed to write properly the first time around, or hadn't gotten around to writing it yet.

  2. GnuTzu Silver badge

    "Software security is a community effort..."

    "...no single company can find every vulnerability..."

    Yup. Black hats only have to find one hole in the dyke; we have to plug them all.

    1. Fatman

      Re: "Software security is a community effort..."

      <quote>have to find one hole in the dyke</quote>

      Did you use the wrong word, or are you tempting LGBTQ retaliation for your choice of word??

      Watch out for the PC police.

      1. BebopWeBop Silver badge

        Re: "Software security is a community effort..."

        Spelt correctly and used appropriately - what's your problem?

      2. Anonymous Coward
        Anonymous Coward

        Re: "Software security is a community effort..."

        I would have thought anyone could use a plug really.

      3. Alister Silver badge

        Re: "Software security is a community effort..."

        Did you use the wrong word, or are you tempting LGBTQ retaliation for your choice of word??

        Do you know what a levee is?

        Well in Europe and the UK, that's a dyke, and has been for centuries.

  3. This post has been deleted by a moderator

  4. Tom Paine Silver badge

    Recursion

    But what finds bugs in the QL regexps and query logic?

    1. amanfromMars 1 Silver badge

      Re: Recursion

      But what finds bugs in the QL regexps and query logic? ..... Tom Paine

      I'd like to propose AI with Virtually Advanced IntelAIgent Operating Systems Upgrades to QL regexps and query logic. All old bugs are then exterminated and rendered future ineffectual.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re...

        And it works pretty well. Just on The Eve of the Event, before it was tested officially.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020