Coinbase open-sources the code for its security scanning tool

By Adrian Zmudzinski - 19 Oct 2018

Coinbase has open-sourced and uploaded to GitHub the code for its automated scanning tool.

The tool is named Salus, after the Roman goddess of protection, and is capable of automatically running and configuring different security scanners and then issuing a report.

Among the advantages offered by the tool is the ability to centrally coordinate scanning efforts across many repositories. Usually, administrators would have to configure a scanner separately for every repository. Updating the configuration of the scanners can also be done centrally, once for every configuration.

Such a tool is a great time saver for administrators who are trying to implement system-wide changes. Moreover, less strain from repetitive tasks on security professionals decreases the risk of mistakes, thus enhancing security. From a post on the Coinbase blog:

“At Coinbase, we use a combination of human-driven code reviews and automated scans to ensure all our production deployments are as secure as possible — and when the right tools don’t exist to help us do the work we need to, we build them.”

The advantage of open source

Open sourcing software may appear counterintuitive to people not familiar with the technology and software industry.

“Why give away something for which you can charge?”

There are many advantages to open sourcing software, and open sourcing doesn’t mean giving away for free (but in most cases people do both or neither one). Open sourcing means granting people access to the code of the software, which in the case of security-driven applications is particularly advantageous.

By open sourcing, you can have many hackers, other companies, and the broader community look through the code. Such an approach usually uncovers flaws in the code a lot more effectively than just having a team of company employees look into the code in search of bugs and vulnerabilities.

Adrian Zmudzinski

Adrian is passionate about technology and Information Technology (IT). Adrian specialized in the analysis of tokens, blockchain technology, and cryptocurrencies. His interest in Bitcoin dates back to 2009, and it rapidly transformed into a more general interest in the still-emerging cryptocurrency industry. His analyses are concerned mostly with the technological potential underlying the analyzed token.
