Secret scanning for private repositories is now generally available for all GitHub Advanced Security customers on GitHub Enterprise Cloud. Since announcing the beta last year, we’ve: Expanded our pattern coverage…
In this second installment, I will focus on how to build our own custom ASAN interceptors in order to catch memory bugs when custom memory pools are implemented and also on how to intercept file system syscalls to detect logic errors in the target application.
GitHub Advanced Security helps you create secure applications with a community-driven, developer-first approach. Today, we are excited to announce two updates: Beta of the new security overview for organizations and…
A year ago, we were celebrating the launch of GitHub India to serve the third largest developer community on GitHub. Today, I am thrilled to welcome GitHub Satellite to India…
In this last post of the series, I’ll exploit a use-after-free in the Chrome renderer (CVE-2020-15972), a bug that I reported in September 2020 but turned out to be a duplicate, to gain remote code execution in the sandboxed renderer process in Chrome.
This article originally appeared in The New Stack, and is republished here with permission. Digital sovereignty has become a rallying cry across the globe. In 2021, open innovation will, counterintuitively,…
Understanding the movement of ‘single source’ companies from ‘open source’ to ‘source available’ licenses In the last nine months since joining GitHub’s policy team, I’ve been asked repeatedly about a…
In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.
In this second post of the series, I’ll exploit a use-after-free in the Payment component of Chrome (1125614/GHSL-2020-165), a bug that I reported in September 2020 that only affected version 86 of Chrome, which was in beta. I’ll use it to escape the Chrome sandbox to gain privilege of a third party App on Android from a compromised renderer.
It has been a year since we’ve launched the first public release of GitHub CLI. Since, we have added functionality to manage your repositories, comment on issues, enable auto-merge for…
Software security doesn’t end at the boundaries of your own code. The moment a library dependency is introduced, you’re adopting other people’s code and any bugs that come with it.…
As technology transforms the global economy, Dr. Bernice King, the CEO of the King Center for Nonviolent Social Change, is striving to make sure these new economic opportunities are available…
This year we hosted our first all-virtual GitHub Universe—and you tuned in to join us from 174 regions around the world! We knew there was even more to cover, so…
This post is the fifth installment of our five-part series on building GitHub’s new homepage: How our globe is built How we collect and use the data behind the globe…
Not everyone takes a break over the festive season. Some people in the community have been busy shipping releases. So we’re here to bring you the latest and greatest releases…
GitHub is committed to shaping public policies that support developers around the globe. Last year, we advised policymakers, supported legal action, and spoke directly to developers on policy in jurisdictions…
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies,…
GitHub’s engineering group moved from a monolithic, hero-based on-call rotation to a more balanced on-call culture in order to increase our on-call expertise and improve the experience for our customers.
How GitHub Education and Major League Hacking have teamed up to bridge the gap between school and work.
This is the second post in a series about how we built our new homepage. How our globe is built How we collect and use the data behind the globe…
GitHub is where the world builds software. More than 56 million developers around the world build and work together on GitHub. With our new homepage, we wanted to show how…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
