Comcast shares its code to boost open source security

Years of commitment to open source software appear to be paying off for Comcast and potentially for other companies. The nation’s second largest ISP is sharing code it uses to help secure its own network, making it available for others to employ and extend. 

Comcast’s most recent contribution to the open source community is xGitGuard, an open source tool the ISP released early this year under the Apache 2.0 license, which allows other companies to include the code in their software. 

Many open source developers use Global Information Tracker (Git), a version control tool that helps them track changes to code as they write and post it. GitHub, which became part of Microsoft in 2018, is a platform that houses hundreds of millions of these code repositories. A large number of these repositories are updated and improved continuously, and as developers push updates they may inadvertently upload passwords or other proprietary information along with their code.

xGitGuard was developed by Dr. Bahman Rashidi, director of Comcast Cable’s cybersecurity and privacy engineering research team, to address this problem. It scans code for proprietary information and alerts developers if it finds any. 

Rashidi said xGitGuard can be used with GitHub Enterprise or public GitHub. He explained there are several ways developers can use xGitGuard. They can run daily scans of their code and receive push notifications if any problems are found. They can also use a portal to see if xGitGuard has detected security issues, and they can add a “hook” to their code so that anytime they push an update it will be scanned by xGitGuard. 
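The "hook" workflow described above, in which every update is scanned before it leaves the developer's machine, is illustrated below with an added example. This is not xGitGuard's code and the page does not describe its detection logic; the scanner here is a deliberately simple one that reads a unified diff, looks only at added lines, and applies a few illustrative credential patterns (the pattern names, thresholds and the sample diff are all constructed for this example). Exiting non-zero from a Git hook is what blocks the commit or push.

```python
import math
import re
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass

# Illustrative detection rules (assumption: xGitGuard's own rules are not on the page).
# Each maps a rule name to a regex applied to every added line of the diff.
PATTERNS = {
    # AWS access key IDs have a fixed prefix and a 16-character suffix.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM private key headers should never be committed.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # A credential-looking variable assigned a quoted literal of 8+ characters.
    "generic_credential_assignment": re.compile(
        r"(?i)(password|passwd|pwd|secret|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}
# Quoted literals at least this long with entropy above the threshold are flagged
# as possible opaque tokens even when no named pattern matches (constructed values).
ENTROPY_MIN_LEN = 32
ENTROPY_THRESHOLD = 4.5
QUOTED_LITERAL = re.compile(r"['\"]([^'\"]+)['\"]")


@dataclass
class Finding:
    path: str
    line_no: int   # line number in the new version of the file
    rule: str
    snippet: str


def shannon_entropy(s):
    """Bits of entropy per character; 0.0 for an empty or single-character string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_diff(diff_text):
    """Scan unified-diff text and report credential-like content on added lines only."""
    findings = []
    path = None
    new_line_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-file header: remember the path
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- "):            # old-file header: nothing to scan
            continue
        hunk = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
        if hunk:                              # hunk header: reset the new-file counter
            new_line_no = int(hunk.group(1))
            continue
        if raw.startswith("+"):               # added line: the only thing worth scanning
            content = raw[1:]
            for rule, pattern in PATTERNS.items():
                if pattern.search(content):
                    findings.append(Finding(path, new_line_no, rule, content.strip()[:80]))
            for literal in QUOTED_LITERAL.findall(content):
                if len(literal) >= ENTROPY_MIN_LEN and shannon_entropy(literal) > ENTROPY_THRESHOLD:
                    findings.append(Finding(path, new_line_no, "high_entropy_string", literal[:80]))
            new_line_no += 1
        elif raw.startswith("-"):             # removed line: does not advance the new-file counter
            continue
        else:                                 # context (or non-diff) line
            new_line_no += 1
    return findings


# Constructed sample diff; the key ID is AWS's documented example value, not a live credential.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
+# constructed example credential, not a real key
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
 ALLOWED_HOSTS = ["example.com"]
-DB_PASSWORD = "placeholder"
+DB_PASSWORD = "hunter2hunter2"
"""


def main():
    """Hook entry point: read a diff from stdin, or the staged diff if run interactively."""
    if sys.stdin.isatty():
        diff_text = subprocess.run(["git", "diff", "--cached"],
                                   capture_output=True, text=True, check=True).stdout
    else:
        diff_text = sys.stdin.read()
    findings = scan_diff(diff_text)
    for f in findings:
        print(f"{f.path}:{f.line_no}: [{f.rule}] {f.snippet}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run against the embedded sample (`python scan_secrets.py < sample.diff`) it reports the key ID on line 3 and the password assignment on line 5 and exits 1. As a pre-commit hook it scans `git diff --cached`; for a pre-push hook one would pipe `git diff <remote-ref>..<local-ref>` into it for each ref being pushed. Scanning only added lines is the important design choice: it keeps the hook fast and avoids re-reporting secrets that are already in history, which need rotation rather than a blocked push.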

xGitGuard is not the first tool to scan GitHub repositories for private information. A similar platform called GitGuardian already exists, but it is not free for all users. Rashidi said for now, xGitGuard is available at no charge.

Since xGitGuard is open source code, other developers from outside Comcast will have the opportunity to extend and improve it, and Rashidi said he’s hoping this will happen as more people start using it.

Open history

xGitGuard is not Comcast’s first open source contribution. Last year the Cloud Native Computing Foundation (CNCF) accepted two Comcast open source initiatives as sandbox projects. One was Kuberhealthy, created by Comcast engineers to monitor and understand Kubernetes clusters. The other is Trickster, a tool for visually conveying cached data. It is used with Prometheus, an open source monitoring and alerting toolkit originally developed by SoundCloud.

In addition, Comcast's Traffic Control, an open source implementation of a content delivery network, has been accepted by the Apache Software Foundation and renamed Apache Traffic Control.

Beyond helping Comcast virtualize its network, open source software may give the ISP an edge in the labor market, where competition for good developers can be intense. The company says it uses its open source expertise to attract software talent.