Since launching Security Advisories, we’ve asked many maintainers for their feedback to help us understand how advisories are being used in their projects. One of the most important pieces of feedback we heard was the desire to simply say “thanks!” to the people that contributed to the advisory. Some maintainers are already doing this today—20% of Security Advisory descriptions mention someone. Those advisories thank people for many reasons, from finding the vulnerability and creating the fix, to moral support and more.
We want to make these credits more visible so that anyone visiting an advisory can see who contributed. To do that, we’ve made “saying thanks” a core part of the Security Advisory workflow with advisory credits.
Giving credit is simple—when editing a Security Advisory, use the Credits area at the bottom to search for the GitHub user you wish to credit, and press Enter.
The people you credit can accept or decline your credit. If accepted, GitHub shows the credit on the Security Advisory, both in the repository and in the GitHub Advisory Database.
If you’ve published a Security Advisory that mentioned a user, we’ve also gone back and processed those mentions into pending credits.
Only the community, working together, can secure the open source software that we all rely on. With advisory credits, we want to celebrate the great collaborations that happen in the community every day.
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
It’s the 10th anniversary of our global developer event! Celebrate with us by picking up in-person tickets today. It’s bound to be our best one yet.
As we’re opening up the doors to our final class of this programmatic year, we’re also looking back at our recent graduates and the partners that helped make them a success.
Alex Mullans 
