Open Source software provides the community source code that anyone can inspect, modify, and enhance. OSS is so ubiquitous that it’s even on other planets. This post is for the people who run these projects.

As announced last week by our good friends at the Node.js Foundation, Snyk has agreed to take over from the amazing Node.js ecosystem vulnerability disclosure program. As a company that’s been part of this program from a very early stage — and has been inspired by it to create our own multi-ecosystem disclosure program — it is a great honor to have been entrusted with this responsibility, and we thank the Node.js Foundation sincerely for their trust in this matter.

In 2020, over 30 new major features were released across the Snyk platform — in Snyk Open Source, Snyk Container, Snyk Infrastructure as Code, and Snyk Code. While both our development and product teams deserve credit for Snyk’s rapid pace of development, our users also play an important role by continuously providing us with their feedback and insight. Our ultimate goal is to help development and security teams be successful in mitigating risk.

This is a story of bringing the pain forward, begging forgiveness, and continuous improvement. In the early days of Manifold — long before we joined Snyk — we were building an independent marketplace for developer services (like databases or transactional email senders). The structure of our code was typical: we had a React frontend app, and a collection of Go microservices talking to a database. A typical structure meant we had typical problems, too.

The United States Government equates cybersecurity with national security. That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes: “prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.”

PHP is used extensively to power websites. From blogging to ecommerce, it’s embedded in our everyday lives and powers much of the internet we use today. According to a Wappalyzer report on top programming languages of 2020, PHP has a 79% market share of backend languages used on the internet today. One of the biggest challenges with PHP libraries over the years has been package management. There have been a few ways to easily install and maintain libraries including PECL, CPAN.