SD Times news digest: Netflix bug bounty program, InfluxData’s Apache Arrow support, and GitHub’s security alerts

Netflix is launching a public bug bounty program in order to improve the security of their solutions as well as strengthen their relationship with the security community. The program will be available through Bugcrowd.

“Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to keep our members, partners, and employees secure,” the company wrote on its blog.

As part of the program, the company requires researchers don’t access customer or employee information, stop testing and report issues immediately, don’t degrade the company’s user experience, perform research only, use the Bugcrowd submission form to report vulnerabilities, and collect only the information necessary to demonstrate vulnerabilities.

More information is available here.

InfluxData announces support for Apache Arrow with Go implementation
InfluxData announced it will be contributing its Go programming language implementation to the Apache Arrow project. According to the company, the move is to signify its support for the Apache Software Foundation. Apache Arrow is a cross-language development platform for in-memory data. The Go language implementation for Arrow will include CPU specific optimizations to increase performance and analytic workloads on Arrow.

“We are excited to have the support offered by InfluxData and appreciate the company donating its Go language expertise and implementation to Apache Arrow in the spirit of benefiting the greater Open Source community,” said Jacques Nadeau, VP for Apache Arrow. “Go is becoming an increasingly popular language, and having InfluxData contribute code to Apache Arrow will increase its adoption across the industry.”

Hortonworks announces Operational Services for managing big data
Hortonworks announced a new solution to improve data-driven insights. The Hortonworks Operational Services is designed to manage big data deployments and help customers maximize the value of their data. The services will benefit customers using the Hortonworks Data Platform and Hortonworks Dataflow solution. It features support for HDP and HDF environments, configuration, management and maintenance for HDP components, multi-tenancy management within the cluster, capacity planning and forecasting and quarterly on-site architecture review.

“At its heart, Hortonworks Operational Services is designed to reduce complexity when building, deploying and managing big data, whether it is on-prem or in the cloud,” said Scott Gnau, chief technology officer at Hortonworks. “Hortonworks has extensive experience running the entire Apache Hadoop stack in production, at scale, on the most demanding workloads. With a proven track record of supporting our big data platforms at leading companies and on multiple tiers, we are in a unique position to efficiently manage the operations of customer environments at high performance.”

GitHub aims to keep code safer with security alerts
GitHub announced security alerts last year as a way to provide private and public repositories with vital vulnerability information. Since then, the company has taken an active role in alertying projects of vulnerabilities in RubyGems for Ruby and npm for Javascript. Going forward, the company will look for new ways to improve code checking and generation.

“As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult,” GitHub wrote in a post. “In almost all cases, there’s a new, patched version of the library we can recommend in the alert.”