Category

Security

Phishing Resistant SMS Autofill

We recently shipped support for the origin-bound draft standard for security codes delivered via SMS. This standard ensures security codes are entered in a phishing-resistant manner. It accomplishes this by binding an SMS with…

Zhongying Qiao

Lightning Q&A: DevSecOps in five with Maya Kaczorowski

In this interview, we dig deeper with Maya Kaczorowski on what DevSecOps is, and how to apply it. It’s a mindset shift in how development teams think about security. DevSecOps is about making all parties who are part of the application development lifecycle accountable for the security of the application.

Grace Madlinger

How we threat model

At GitHub, we spend a lot of time thinking about and building secure products—and one key facet of that is threat modeling. This practice involves bringing security and engineering teams…

Robert Reichel

Hardening your GitHub Enterprise Server

GitHub stores your source code, releases, and a vast amount of invaluable information in issues and pull requests. While GitHub Enterprise Server (GHES), our self-hosted solution, provides great security by default, administrators can take additional steps to further harden their appliance. This post will guide you through the most important settings.

Lars Schneider