A little over three years ago, we launched our Security Bug Bounty Program, a way to reward security researchers who help make GitHub more secure by reporting vulnerabilities in our…
What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…
Update: 2014-09-29 23:10 UTC We have published an update to the Git Shell tools for GitHub for Windows, which resolves the bash vulnerabilities CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. If you…
Our users' trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…
Some GitHub user accounts with weak passwords were recently compromised due to a brute force password-guessing attack. I want to take this opportunity to talk about our response to this…