2020

Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)

In October, we experienced one incident resulting in significant impact and degraded state of availability for multiple services.

Closing that priority issue you’re working on can wait—put down your keyboard and vote! Millions of you already have, and your vote in national and local elections may just impact…

The theme for this year’s Game Off is MOONSHOT.  moonshot – noun an extremely ambitious and innovative project the act of launching a spacecraft to the moon a hit or…

WARNING: This post contains zombies, werewolves, extra dimensional beings, mummies, and more! Proceed at your own risk. Trick or treat yourself to some fangtastic Halloween-themed games this weekend. These were…

GitHub Actions gives you the power to automate your workflow. Connect with the tools you know and love. Have more freedom to innovate and be creative. Deploy to any cloud,…

This is the second post in our series on DevOps fundamentals. For a guide to what DevOps is and answers to common DevOps myths check out part one. What role…

Using deferred compliance in GitHub’s CI process to improve developer productivity.

An introduction to our blog series on GitHub’s investments in technical excellence.

Game Off, our annual game jam (a hackathon for building games) returns this weekend. Participants will be given a secret theme on November 1 and will have the entire month…

We’re thrilled to announce an opportunity to connect with employees at GitHub during GitHub Universe. This year, Universe will take place virtually December 8-10 and we’d love to “see” you…

In this blog post we demonstrate how to integrate the GitHub Advanced Security code scanning capability into our Azure DevOps Pipelines. We provide code snippets and examples that can guide you or your developers working to integrate Code Scanning into any 3rd Party CI tool.

In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE in Chrome by a single click (and perhaps a 2 minute wait) on a malicious website.

How GitHub measures and improves reliability, security, and developer happiness with automated deployments.

November 3 is election day in the U.S. Early voting is available in most states. If you haven’t yet, make a plan to vote. If you’re an employer in the…