HomeBlockchainCoinbase open-sources the code for its security scanning tool

Coinbase open-sources the code for its security scanning tool

Coinbase has open-sourced and uploaded to GitHub the code for its automated scanning tool.

The tool is named Salus, after the Roman goddess of protection and is capable of automatically running and configuring different security scanners and then issuing a report.

Among the advantages offered by the tools is the ability to centrally coordinate the scanning efforts across many repositories. Usually, the administrators would have to configure a scanner separately for every repository. Also updating the configuration of the scanners can be done centrally, once for every configuration.

Such a tool is a great time saver for administrators that are trying to implement system-wide changes. Moreover, less strain from repetitive tasks on security professionals decreases the risk of mistakes thus enhancing security. From a post on the Coinbase blog:

“At Coinbase, we use a combination of human-driven code reviews and automated scans to ensure all our production deployments are as secure as possible — and when the right tools don’t exist to help us do the work we need to, we build them.”

The advantage of open source

Open sourcing software may appear counterintuitive to people not familiar with the technology and software industry.

“Why give away something for which you can charge?”

There are many advantages to open sourcing software, and open sourcing doesn’t mean giving away for free (but in most cases people do both or neither one). Open sourcing means granting people access to the code of the software which in the case of security-driven applications is particularly advantageous.

By open sourcing, you can have many hackers, other companies, and the broader community look thru the code. Such an approach usually uncovers flaws in the code a lot more effectively than just having a team of employees of the company looks into the code in search of bugs and vulnerabilities.

Adrian Zmudzinski
Adrian Zmudzinski
Adrian è un appassionato di tecnologia e IT, specializzato nell'analisi di token, tecnologia blockchain e crypto. Il suo interesse verso Bitcoin risale al 2009, espandendosi al mondo delle crypto più in generale. Le sue analisi si concentrano per lo più sulle potenzialità tecnologiche alla base dei token.
RELATED ARTICLES

MOST POPULARS

GoldBrick