Sep 27, 2019 newsletter

GitHub acquires Semmle to help researchers and developers secure open source software

As the backbone of the open source supply chain, GitHub has a unique responsibility to preserve the overall health of the open source ecosystem. With the acquisition of Semmle, GitHub takes another step to help developers on its platform safely create and consume open source software with automated testing and vulnerability detection.

Semmle’s security tools will streamline vulnerability detection for engineering teams. GitHub plans to integrate Semmle’s automated code review into GitHub Actions, further strengthening its arsenal of developer-centric automated workflows.

The acquisition will benefit security researchers, too. GitHub notes that Semmle’s tools can empower community security researchers who are needed to secure the world’s open source software at a time when the ratio of security researchers to developers is falling.

Semmle offers two main products. QL helps security researchers quickly find vulnerabilities in code using coding exploration tools and a variant analysis engine that detects variants of critical vulnerabilities. LGTM automatically analyzes commits to identify vulnerabilities and help developers avoid security issues before their code reaches production.

Semmle is used at a number of large technology companies, including Uber, NASA, Microsoft, and Google. With a strong reputation and a long history of detecting security issues in open source projects, Semmle will noticeably enhance GitHub’s security features.


Cloud-first development is reinventing the entire development stack, even programming languages

Ballerina released version 1.0 of its new cloud native programming language that hopes to replace traditional languages with a cloud-first alternative. Ballerina represents shifting attitudes in how software developers view languages as tools and how cloud-driven engineering is redefining development paradigms, from serverless and containerization to remote development and programming languages.

Most programming languages were created before containerization and microservices became popular development workflows. As a result, modern development often requires middleware or clunky boilerplate code to communicate across networks, between services, and through APIs.

With Ballerina, network communication is encapsulated in the language, providing developers with easy ways to read, forward, and transform messages between protocols, like HTTP, WebSockets, TCP, and more. With out-of-the-box communication tools in the Ballerina language, developers can minimize dependencies, reduce middleware, and increase resiliency.

Under development since 2016, Ballerina is the latest in a wave of cloud-first development tools. While versatile languages like PHP, JavaScript, and Python led the first wave of cloud innovation, future developer stacks may be even more cloud-optimized.


Open source champion Automattic raises $300M, but developer mindshare is uncertain

Automattic’s latest fundraising represents a noteworthy triumph for open source technology, an open web, and the continued development of tools widely available and easily accessible to developers around the world. Yet, software development is changing quickly and uncertainty looms over the future of WordPress, Automattic’s blogging tool turned content management system.

Automattic needs extra fuel to fight against considerable headwinds in its pursuit of an internet dominated by the WordPress ecosystem.

WordPress is working to overcome the declining popularity of PHP and its community infighting amid an exodus of developers toward decoupled architectures and static websites. Moreover, WordPress’s precarious security reputation and growing maintenance requirements to support dozens of old platform versions also pose substantial obstacles.

Can money reverse these macrotrends?

As the owner of WordPress.com, WooCommerce, and soon Tumblr, Automattic impacts a sizable portion of the internet’s content. With the backing of Salesforce Ventures, that influence will receive a much-needed boost. According to Matt Mullenweg, Automattic’s CEO, “What we want to do is become the operating system for the open web.”

Despite powering 37% of internet sites, WordPress needs Automattic to preemptively adapt to changing development needs and retain developer mindshare in the long term.


Small bytes

  • Darklang, a holistic programming language, editor, and infrastructure for building backends, leaves stealth mode [DARKLANG]
  • Google achieves quantum supremacy, showcasing how quantum computers can solve in a few minutes problems that take classical computers thousands of years [CLOUDTECH]
  • A report from the Internet Association reveals that the internet sector is the fourth largest sector of the US economy, making up about 10% of GDP [REUTERS]
  • Edge computing could overtake cloud computing by 2025, according to a general manager at The Linux Foundation [ZDNET]
  • Building computers of the future. Goodbye, motherboard. Hello, silicon-interconnect fabric [IEEE SPECTRUM]
  • Great engineering teams need product-minded software engineers who love their product as much as their code [PRAGMATIC ENGINEER]

Tools

  • Git-blame-someone-else helps you blame someone else for your bad code [GITHUB]
  • jsonbox.io lets you store, read, and modify JSON data over HTTP APIs for free [JSONBOX.IO]
  • Navi is an interactive cheatsheet tool for the command-line [GITHUB]
  • Grid Garden is a game for learning CSS grid layout [GRID GARDEN]
  • The superhero API is a quantified and programmatically accessible data source of all superheroes from all comic universes [SUPERHERO API]
  • No CS OK is the first jobs board made for developers without degrees [NO CS OK]