Where next for GitHub?

Its tenth birthday sees GitHub at the top of the pile. What about the next ten years?

October 2017 saw GitHub celebrate its unofficial tenth anniversary. The software repository start-up saw its first Git commit for building GitHub itself—a basic default Rails app import—back in 2007.

The San Francisco-based company has since become the de facto home for storing code. It’s seen off the likes of Google Code and Microsoft’s CodePlex, kept incumbents such as BitBucket and SourceForge at bay, and retained its position while numerous new competitors such as GitLab and CloudForge have entered the market. The company was labelled the “the largest code host in the world” back in 2014, and has only grown larger since.

But once you’re at the top, where do you go next? Ignoring the thorny question of profitability, is there anywhere to go but down?

“We’ve really been focused on what the next ten years look like, not just for Github as a company but Github as a proxy for the future of software development,” Julio Avalos, GitHub’s Chief Strategy Officer tells IDG Connect and other media in a press talk ahead of the GitHub Universe conference in San Francisco.

“We believe strongly that we’re still in the very early stages of software development and if we think into the future: Five, ten, 15 years down the line, that process will look quite different from how it currently looks.”

Where next: Beyond a simple code library

Avalos says he wants to go beyond the concept of the company as the “Alexandria Library of Code” and into something even more complete.

This isn’t a library with finalised books on the shelves. What we have is an entire history of everything; every patch, of every bug, of every security vulnerability that’s been unwittingly introduced into the code, and the patches that have gone into fixing that vulnerability.
There is a lot of data that the world should be able to harness in order to make the software development process easier and more accessible, and that’s going to be a big theme for us over the next five to ten years and into the company’s future.

The concept of a library also seems far too passive an analogy for how the company views its own position. “I think that we see ourselves as, and take seriously the responsibility as stewards of the software development community.”

In an interview with IDG Connect, Jason Warner, SVP of Technology at GitHub, echoes Avalos’s vision as leading from the front:

This is the word we use internally all the time. Stewardship. We take that responsibility incredibly seriously. What could we be doing more of, and how can we advance those conversations?
Given its prominence in the industry and in the world, GitHub is uniquely positioned to think about all software development and all the software developers.
I also think about software in terms like; how do we advance the entire craft of software development with developers themselves?

However, the company seems aware where its limits currently lie. At Universe, the company was keen to reiterate its focus on software development and its own data, and let its Marketplace platform fill in any gaps.

“I do not think that it is GitHub’s responsibility to take on some of big issues that you have,” says Avalos. “However, if we have an opportunity to more quickly surface elements—tools that exist within the community or in the stack within the data that we have, then I do think that’s an important role that we will be playing moving forward.”

An interesting side note is the use of GitHub beyond coding. Much of the company—including the likes of marketing and sales—use GitHub to work. And the same is true for organisations beyond GitHub.

“What does GitHub look like for lawyers or for policymakers, for journalists, for scientists? I think that there is a real power to the GitHub workflows and what it is able to facilitate collaboration that could be used by untold industries.”

“We’re focused on making the software development process easier and more accessible, we should not be the dependency on when GitHub going to get to build ‘GitHub for Doctors.’ There should be an opportunity however, that if you have an integration [with Marketplace] that makes it easier for a data scientist or journalist to be able to use GitHub.”

Future of coding

At his keynote during GitHub Universe, CEO Chris Wanstrath said the future of coding could well be “no coding at all.”

Does this mean we’ll soon see machines coding machines? Google’s AutoML system is now creating Machine Learning code that is more effective than those developed by humans. But GitHub insists there is a clear distinction between adding automation into code and just replacing human software devs with robots.

“We’re explicitly not making coding robots,” says Miju Han, Engineering Manager of Data Science at Github, but adds that she does believe the coding of the future will be based more around natural language.

“I don’t see the developers of the future writing code line by line. In the future you want someone to be able to say, ‘give me an Android app that has a menu bar, and plays music’. We can ahead and write you a template.”

Avalos is keen to see automation in code as a boon to the people making software, rather than anything like a replacement:

“It’s been very important for us to continue to focus on the human being, and to think about how you’re going to make that person’s job easier how are, how we are going to create more efficient development processes so that people don’t have to spend time on what I think of as the scaffolding, the infrastructure that a lot of different programs have.”

Security by design

With the talk of automation and GitHub’s role as ‘stewards’, the question comes to security: Is it the company’s role to ensure that code hosted on its platform is secure? The company might be keen to emphasis it’s not replacing people with robots, but it also wants security—and area with a lot of potential room for human error—at the forefront of software development.

“Security is often seen as a post-hoc problem, but there’s great potential if the manual decision-making about how to best approach security is, if not supplanted, at least augmented with automatic suggestions,” explains Warner.

“How much better does the entire industry get if security is something that’s more automatic at code-creation time? That’ll be a fun conversation and I think obviously the results of that are a more secure internet and secure software world.”

The start of this is a code decency graph, which allows projects to see how many dependencies it has—Han says many now have over 100—and see which are being updated regularly, or which may be insecure.

“Our vision for what proactive security means is that you don’t even introduce the dependency into your project ever if it’s vulnerable,” says Han. “When you’re researching you know that that dependency hasn’t been updated in years and probably never will.”

“So, we tell you while you’re researching it or while you’re at your code editor that not only don’t use that one but here are good alternatives, and maybe here’s how to start integrating them into your project.”

The company has also introduced security alerts, which will highlight publicly known vulnerabilities detected in code, and fixes will be suggested where possible.

The next 100 million developers

“There is a deficiency in the world today in terms of how many software developers there are even to meet the needs that global business requires today let alone what that looks like five, ten, fifteen years from now,” says Avalas. “We need to speed up what the process of educating oneself as a software developer, that needs to get faster.”

He adds that the company’s future priority is looking at how artificial intelligence is making software development easier and more accessible—and helping find developers from parts of your company that perhaps you weren’t thinking about. “We’re going to have a very strong opinion on how you surface skills within your existing enterprise: You might have somebody that worked on the Ruby or Python Project on Github currently working in a completely different space and you might have a particular project that suddenly you don’t know whether you have anyone within your enterprise that can work on it.”

This alternative skill surfacing, according to the company, is how the industry can start to plug at least some of the current skills shortages. “These days we think of a new developer as someone who doesn’t necessarily have a background in computer science,” says Han. “They’ve taken a coding class online and then maybe they’re really an estate agent who wants to make an app or a project that they’re really excited about.”

“We see more and more people coding which is wonderful. At the same time, we’re in a position to help them write code that’s secure that’s performing, that’s easy to understand and pass on to other people.”

This story, "Where next for GitHub?" was originally published by IDG Connect.

Copyright © 2017 IDG Communications, Inc.