Microsoft announced yesterday that it is buying the code-sharing site GitHub, a developer-focused startup that has become a crucial part of the programming industry, for $7.5bn. Patrick Carey, Director of Security Strategy at Black Duck by Synopsys commented below.
“This is tremendously good news for open source, and perhaps the single most significant validation conceivable that open source IS the mainstream for software development. Microsoft has always been focused on the needs of the developer and this acquisition is consistent with that focus. It may seem remarkable that Microsoft, once considered the arch enemy of both Linux and open source, would acquire GitHub, perhaps the most prominent piece of open source infrastructure today, but it shows just how much Satya Nadella has changed the game at Microsoft.
This acquisition will certainly lead to more and better integrations between Microsoft’s developer tools like Visual Studio and Team Foundation Server (TFS). It’s likely that Microsoft will make further strides to embrace open source by providing community developers with new tools to help improve the quality and security of their projects. This is a good thing, as it will improve the quality and security of the applications and web sites we all rely on every day. However, since open source components come from so many different communities and vary significantly in quality, teams building software with open source components will still need to be vigilant in tracking the open source they use, as well as the security and license compliance risks that come with it.”