In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F—a software-based U2F authenticator for macOS. Soft U2F currently works with Google Chrome and Opera’s built-in U2F implementations, as

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS. We’ve long been interested in promoting better user security through two-factor authentication

Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as to encourage the broader adoption

Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users and their data safe on

Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query with lots of percent signs

To help users better secure their accounts, we are expanding GitHub’s authentication system to support FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard. GitHub encourages developers to build U2F support into their own

Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by delivering assets from data centers

With Subresource Integrity (SRI), using GitHub is safer than ever. SRI tells your browser to double check that our Content Delivery Network (CDN) is sending the right JavaScript and CSS to your browser. Without SRI,

You can now create deploy keys with read-only access. A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository. They are often used to

It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our applications have been identified and