GitHub opened its database of open source-related CVEs and security advisories for community contributions this week. The company describes the project as “the largest database of vulnerabilities in software dependencies in the world” and hopes to attract “community members with additional insights and intelligence on CVEs that do not have a place to share this knowledge” by opening it up.
Istio releases fix for high severity DoS vulnerability
Istio made good on its promise to share a fix for a high severity vulnerability in the service mesh on February 22nd. Users running Istio in a multi-cluster environment in particular should make sure to update their installations to versions 1.11.7, 1.12.4, or 1.13.1, which stop the project’s control plane from being vulnerable to a request processing error that can be used to crash istiod.
Snyk continues shopping spree by bagging Fugue
Secure development tooling provider Snyk recently announced the acquisition of cloud infrastructure security company Fugue. The capabilities of Fugue’s software as a service offering are planned to make their way into the Snyk Developer Security Platform, fitting the product with cloud security posture management tools, cloud landscape visualisation, and integrated security insights amongst other things. Other recent additions to Snyk’s portfolio include ML-backed semantic analysis tool DeepCode, composition analysis tool FossID, Manifold, and drift detection experts CloudSkiff.
SQLite 3.38 simplifies JSON processing
SQL database engine SQLite is now available in version 3.38. Since the last release, the project has been fitted with ->> operators for easier JSON processing, received additional virtual table interfaces, and an auto as well as a julianday modifier for the date and time functions. The engine’s CLI meanwhile learned to handle tabs and newlines in text properly, includes options --wordwrap on and --quote for the columnar output mode, and uses a different interface to return better error messages. SQLite 3.38 is the first version to include JSON functions out of the box, with JSON support enabled automatically.
Vitess 13 lands with SQL evaluation engine improvements
The team behind database clustering system Vitess pushed the project beyond the 13.0 mark this week. Amongst other things, version 13.0 has native support for MySQL collations and comes with a rewritten SQL evaluation engine. The new engine is supposed to match MySQL’s behaviour more closely and allows the project to do more steps locally while also being able to understand more complex queries. The full list of enhancements, which includes various improvements to the vtctl client, can be found in the release notes.
MIT presents quantum programming language Twist
Researchers at MIT’s Computer Science and Artificial Intelligence Laboratory have come up with a new way of expressing algorithms for quantum computing. According to Charles Yuan, lead author of a paper describing the new approach, existing quantum programming languages aren’t able to reason about entanglement. However, measuring the state of one qubit can affect the state of entangled qubits, which might lead to errors in a program. If this isn’t factored into a language, developers working on quantum computers need to verify their code by hand to make sure it works as intended.
Since this is no mean feat, the team decided to create its own language called Twist. It is based on a new purity property the team came up with, which it describes as “the property of an expression that states its evaluation is unaffected by measurement outcomes of unowned qubits”. To help identify pure expressions, Twist includes a specific type system. A combination of static analysis and runtime verification provides a way to check any purity assertions, which is supposed to make things a little easier.