San Francisco: Facebook has formally open-sourced one of its secret security tools available for Instagram that finds and fixes bugs. The tool called Pisa is now available on open-source repository GitHub.
Facebook security tools (Pisa) is a security-focused tool built on top of Facebook’s type checker for Python called Pyre.
It’s used to look at code and analyze how data flows through it.
“We’ve made Pisa open source, together with many of the definitions required to help it find security issues so that others can use the tool for their own Python code,” Facebook said in a statement on Friday.
“Analysing data flow is useful because many security and privacy issues can be modeled as data flowing into a place it shouldn’t”.
According to the company, Pisa detected 44 percent of all security bugs in Instagram’s server-side Python code in the first half of this year.
Facebook has also built Zoncolan, a static analysis tool that helps us analyze more than 100 million lines of Hack code and has helped engineers prevent thousands of potential security issues.
“That success inspired us to develop Pisa, which is an acronym for Python Static Analyser,” said Facebook.
The largest repository of Python code is the millions of lines that power Instagram servers.
“Automated analyzers like Pisa are an important tool for maintaining quality and security in this codebase,” said Facebook.
When Pisa is run on a developer’s proposed code change, the tool provides results in about an hour rather than the weeks or months it could take to review manually.
The results go either directly to the developer or to security engineers, depending on the type of issue detected.
