Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injection. OWASP Top 10 Proactive Control C3 offers guidance.
When digital infrastructure is overlooked by governments, it isn’t just a missed opportunity: policies may inadvertently endanger open source collaboration.
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.
From answering questions about a new release to fielding feature requests, here’s how five open source communities use GitHub Discussions.
My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.
As the year winds down, we’re highlighting some of the incredible work from GitHub’s engineers, product teams, and security researchers.
Instead of allowing all or no users to force push, admins can now be selective about who can force push to a repository. The image below shows how in the…
In this third and last part, I’ll share the results of my research on Apache HTTP server, and I’ll show some of the vulnerabilities that I’ve found.
In this post, I’ll discuss how to apply OWASP Proactive Control C2: Leverage security frameworks and libraries.
When you want to create a workflow in the Actions tab of your repository, the recommendations are now based on an analysis of repo content.
Getting started with GitHub Actions just got easier! Now, when you want to create an Actions workflow in the Actions tab of your repository, the workflow recommendations will be based…
Up until today, the GitHub Advisory Database has only published advisories that have been curated and approved by our Security Lab team. This approach meant users sometimes couldn’t find advisories…
Following our last update, we have a number of exciting updates and improvements being released today for the new projects experience. 🔗 Stay in sync with linked pull requests One…
Defining your security requirements is the most important proactive control you can implement for your project. Here’s how.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
On Thursday, December 9, 2021, GitHub was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228.
We shipped a ton of updates in November, from the push notification for PR review activities on the go, to an easy way to create Markdown links.
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.
Precise code navigation is powered by stack graphs, a new open source framework that lets you define the name binding rules for a programming language.
Code navigation is now available in PRs, and code navigation results for Python are now more precise.