Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack


Microsoft has won praise from security researchers by making its  CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds hack or similar supply chain attacks.  

CodeQL queries code as if it were data, which lets developers write a query that finds all the variants of a vulnerability, and then share it with others.

Read more…