
New improvements and best practices for account security and recoverability
Finding compromised passwords and two-factor recovery checkups
We have redesigned the two-factor authentication profile settings to make it easier to keep your account up to date. You will occasionally be prompted with a reminder to confirm your…
If you use Python, we can now alert you whenever you depend on vulnerable packages.
Python users can now access the dependency graph and receive security alerts whenever their repositories depend on packages with known security vulnerabilities. To configure the kind or frequency of notifications…
We’re pledging to strengthen cybersecurity and collaborate to build a more resilient internet.
As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last…
Last month GitHub celebrated the fourth year of our Security Bug Bounty program. As we’ve done in the past, we’re sharing some details and highlights from 2017 and looking ahead…
Today’s software is increasingly interconnected and interdependent. There’s a good chance your project relies on someone else’s, and if your project is public that others might rely on it, too.…
Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in JavaScript and Ruby. Today, for…
Organization owners can now limit the ability to delete repositories. The new repository deletion setting is available for all plans hosted by GitHub and will be coming to GitHub Enterprise…
A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…
What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to be the result of an attacker using…
We want to free up your administrator’s time by providing a tool that requires little maintenance and great out-of-the-box security. By following a few simple steps, GitHub Enterprise can be…
It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…
Update: 2014-09-29 23:10 UTC We have published an update to the Git Shell tools for GitHub for Windows, which resolves the bash vulnerabilities CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. If you…
On April 7, 2014 information was released about a new vulnerability (CVE-2014-0160) in OpenSSL, the cryptography library that powers the vast majority of private communication across the Internet. This library…
We just added more granular permissions so third party applications can specifically request read-only access, read/write access, or full admin access to your public SSH keys. You’re in control As…
Our users’ trust is something we never take for granted here at GitHub. In order to earn and keep that trust we are always working to improve the security of…
We’re always looking at ways to improve security. Today’s release of GitHub for Windows (version 1.0.54) improves password handling security through the use of OAuth tokens. Prior to this release…
We’ve started rolling out a new security feature called “Content Security Policy” or CSP. As a user, it will better protect your account against XSS attacks. But, be aware, it…
At 8:49am Pacific Time this morning a GitHub user exploited a security vulnerability in the public key update form in order to add his public key to the rails organization.…