Compliance Management, Privacy, Security Strategy, Plan, Budget

Microsoft’s Github buy: is it good news for security?

The Redmond giant has put up £5.6 billion in Microsoft stock to secure the deal, set to close by the end of the calendar year. A decade-old San Francisco-based startup, GitHub boasts more than 28 million developers, and repositories range from those of major infrastructure and global corporates, including Microsoft as evidenced by this Tweet, down to hobbyist projects.

The deal has broadly been welcomed by security experts, although concerns around Microsoft's impact on the platform in the long term have also been voiced.

Patrick Carey, director of security strategy at Black Duck by Synopsys, welcomed the move:  "This is tremendously good news for open source, and perhaps the single most significant validation conceivable that open source IS the mainstream for software development.  Microsoft has always been focused on the needs of the developer and this acquisition is consistent with that focus. It may seem remarkable that Microsoft, once considered the arch enemy of both Linux and open source, would acquire GitHub, perhaps the most prominent piece of open source infrastructure today, but it shows just how much Satya Nadella has changed the game at Microsoft.”

Carey continued to detail some of the positive integrations that are likely to result from the deal: “This acquisition will certainly lead to more and better integrations between Microsoft's developer tools like Visual Studio and Team Foundation Server (TFS).  It's likely that Microsoft will make further strides to embrace open source by providing community developers with new tools to help improve the quality and security of their projects. This is a good thing, as it will improve the quality and security of the applications and web sites we all rely on every day.  However, since open source components come from so many different communities and vary significantly in quality, teams building software with open source components will still need to be vigilant in tracking the open source they use, as well as the security and license compliance risks that come with it."

Satya Nadella, CEO, Microsoft was keen to emphasise the value of the community: “Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation. We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world's most pressing challenges.”

Meanwhile, rival GitLab claims to have seen a x10 jump in developers moving their repositories across, and has even created a video to explain the process it claims is ‘as simple as possible'. The news has also seen #movingtogitlab trend on Twitter, but with opinion broadly split over the wider impact for the developer community, some took the opportunity to

weigh in on as-yet unrelated Microsoft products...

As a result of the deal, Microsoft now owns significant parts of the software delivery chain, from GitHub (source control), Visual Studio (IDE), Azure and Azure Stack (compute), and package management (Helm), among others.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.