This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses.
This is the second post in our series on DevOps fundamentals. For a guide to what DevOps is and answers to common DevOps myths check out part one. What role…
In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE in Chrome by a single click (and perhaps a 2 minute wait) on a malicious website.
This article originally appeared in TechCrunch, and is republished here with permission. The Supreme Court heard arguments October 7 in Google v. Oracle. This case raises a fundamental question for…
By now, most people in technology are familiar with the term DevOps. What we call “DevOps” will often differ between organizations, yet one thing remains the same: DevOps is defined…
Now available, code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production.
Security is a complex area. One software component may break the assumptions made by another component and it is not always clear who should fix the code to remediate the security implications.
GitHub’s mobile applications have used GraphQL to power new features. We’ve now been able to move faster and get more done with less hassle and no over-fetching. We were able…
GitHub Actions gives you the power to automate your workflow. Connect with the tools you know and love. Have more freedom to innovate and be creative. Deploy to any cloud,…
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
GitHub Actions hosted virtual environments are a turn-key option for running your workflows. But if you need fine-grained control and customization of your environment, then self-hosted runners give you full…
Administrators and users can suspend any GitHub App’s access for as long as needed, and unsuspend the app on command.
In this post, hear from @stevemar, a Senior Technical Staff Member at IBM, about a new GitHub Starter Workflow for developers deploying containerized applications to IBM Cloud Kubernetes Service. Here…
GitHub Actions allows you to automate your workflow. Connect with the tools you know and love, and have more freedom to innovate and be creative. With GitHub Actions, you can…
What is the Availability Report? Historically, GitHub has published post-incident reviews for major incidents that impact service availability. Whether we’re sharing new investments to infrastructure or detailing site downtimes, our…
In this post I’ll show how input validation which should be used to prevent malformed inputs to enter our applications, open up the doors to Remote Code Execution (RCE).
ICYMI: docs.github.com is the new place to discover all of GitHub’s product documentation! We recently completed a major overhaul of GitHub’s documentation websites. When you visit docs.github.com today, you’ll see…
GitHub Actions allows you to automate your workflow. With GitHub Actions, you can deploy to any cloud, build containers, automate messages, and do so much more. Use any tool you…
GitHub Enterprise Server 2.21 is now available with updates to simplify collaboration, increase reliability and improve security.
Setting up a new repository with all the right linters for the different types of code can be time consuming and tedious. So many tools and configurations to choose from…
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
