JavaScript is not available.

Report a vulnerability: bounty.github.com. Security Research team:

@GHSecurityLab

Everywhere software is builtgithub.com/securityJoined July 2013

105 Following

13.6K Followers

GitHub Security’s Tweets

Pinned Tweet

Episode 353 – Jill Moné-Corallo on GitHub’s bug bounty program

Dec 13

We're hiring! New jobs just posted to our careers site (boards.greenhouse.io/github). Thread 🧵:

Tune into this week's #osspodcast to hear

@thejillboss

chat about GitHub’s bug bounty program, including what’s in scope and why we love partnering with researchers

opensourcesecurity.io

Josh and Kurt talk to Jill Moné-Corallo about GitHub’s bug bounty and product security team. It’s a treat to discuss bug bounties with someone who is managing a very large bug bounty fo…

Mike Hanley

@_mph4

Dec 14

A few months ago we announced by the end of 2023, 2FA would be required on GitHub. Today we're sharing what you can expect next as we begin this important work to help secure the software supply chain. Read more here:

Raising the bar for software security: next steps for GitHub.com 2FA | The GitHub Blog

GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023. Learn more about our approach, when we’ll begin our...

Dec 13

Hear about the key detection principles that lead our threat detection efforts + how we combat some of the toughest challenges in the industry today. Watch the recording of "Git outta here: how

Git outta here: how GitHub does detection - Universe 2022

does detection" from #GitHubUniverse:

youtube.com

Presented by: Calum HallGitHub has an obligation to the development community to ensure that they protect their employees and internal systems from threat ac...

Dec 13

✨ We're looking for a Staff Security Engineer for our Cloud Security Operations team. This is a remote role based in Europe.

Staff Security Engineer, Cloud Security Operations

✨ We're looking for a Senior Security Engineer for our Threat Detection team. This is a remote role based in the US or the UK.

Senior Security Engineer, Security Operations, Threat Detection

Remote - United States

Boosting this ✨ This is a remote role based in the US.

Quote Tweet

Dec 5

We're hiring

Come lead our Customer Security and Trust team! boards.greenhouse.io/github/jobs/46

✨ We’re looking for a Senior Engineering Manager for our Product Security Paved Paths team! This is a remote role based in the US or Canada.

Senior Engineering Manager, Product Security Engineering - Paved Paths

Remote - United States

Watch the recording of "How

uses GitHub to secure GitHub" with

@jacobdepriest

@gose1

from #githubuniverse here: youtube.com/watch?v=hVHLcb

Quote Tweet

Jacob DePriest

@jacobdepriest

Dec 5

I had a blast speaking at #GitHubUniverse with @gose1 , you can check out the whole session here! youtube.com/watch?v=hVHLcb

Dec 5

We're hiring 🎉 Come lead our Customer Security and Trust team!

Staff Manager, Customer Security & Trust

Remote - United States

Dec 1

Here are our November 🦃 bug bounty stats: ✅Closed 117 reports 💰Awarded $23,485 in bounties 👫92 hackers participated in our program

GitHub conference about cloud, AI, software security, and the open source developer community. Designed for enterprises, start-ups, and security professionals.

Nov 10

Want to learn how security has changed as organizations move from remote to hybrid work models? Join this chat with GitHub CSO and SVP of Engineering,

@_mph4

, and a panel of CISOs.

githubuniverse.com

GitHub Universe 2022

In about two hours, GitHub CSO & SVP of Engineering

@_mph4

takes the stage to talk about how

builds GitHub. Turn in online 👉 githubuniverse.com/events/detail/

Nov 10

Attention researchers 👇�?�

Quote Tweet

@XCorail mentioned that a great way for security researchers to give back to the community is by contributing CodeQL rules. Folks can submit to the bounty program and make $$ doing so too! securitylab.github.com/bounties/ #GitHubUniverse

“How GitHub uses GitHub to Secure GitHub�? with

and

Happening now!

🔥

Quote Tweet

It’s time to get cozy with the GitHub Security Lab’s fireside chat. Join now to get valuable insights into how their research empowers devs like you. githubuniverse.com/events/detail/

Show this thread

Happening now! “What’s next for GitHub’s security products�? 👀 online and in-person

Quote Tweet

GitHub Universe

@githubuniverse

If you want to stay on the cusp of what’s new in security, join this talk to hear what the GitHub team has been working on. Happening at 1:30 on Mona's Stage! #GitHubUniverse

GitHub conference about cloud, AI, software security, and the open source developer community. Designed for enterprises, start-ups, and security professionals.

What’s the difference between shifting left and developer-first security? (This isn’t a trick question.) Get the scoop—and the tools to keep your organization secure—from Field Architect, Nick Leffin.

githubuniverse.com

GitHub Universe 2022

Come watch our very own

@steiza

present here!👇�?�

Quote Tweet

Calling all administrators of GitHub organizations: Security doesn’t have to be scary! This talk will provide you with concrete steps for improving the security of your software development process. githubuniverse.com/events/detail/

Show this thread

GitHub Security Lab

@GHSecurityLab

Nov 8

Want to know more about our work? Tomorrow, join us virtually or in person at #GitHubUniverse for a fireside chat with

@xcorail

and

@lauraleapaine

. Register at githubuniverse.com

Jacob DePriest

@jacobdepriest

Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!

Thomas Dohmke

@ashtom

Nov 7

We're trying out something new with a few folks at Universe this week & have partnered with

@pimoroni

on a hackable, Micropython based conference badge running the

@Raspberry_Pi

RP2040 chip and an e-Ink display. 🤓

read image description

ALT

535

Show this thread

Nov 7

Meet GitHub at Black Hat Europe, December 7-8, booth #107! We will have deep-dives on our technical demos, in-booth presentations, giveaways, and the chance to build your own custom Octocat! Learn more: resources.github.com/github-blackha #BHEU #security

Nov 7

We’re hiring! Come lead our Threat Hunting, Operations, and Incident Response (THOR) teams:

Nov 6

There’s nothing like seeing #GitHubUniverse come to life. 👀 Here are some throwbacks from past events to give you a peek at what San Francisco might have in store 4 days from now! See you there on Nov. 9 & 10. githubuniverse.com

read image description

ALT

Image of a room filled with people on their laptops and phones, watching two people on stage give a demo at GitHub Universe.

read image description

ALT

read image description

ALT

Image of a large octocat made out of balloons at a previous GitHub Universe.

read image description

ALT

236

Nov 2

Fixed bug that allowed OAuth tokens improper access to SAML SSO protected organization resources when used with the `/issues` API endpoint github.blog/changelog/2022

Nov 1

Our October 🎃 bug bounty stats are no trick: 👫106 hackers participated in our program ✅Closed 154 reports 💰Awarded $20,536 in bounties

Nov 1

We are continuing to monitor and review the impact to our vendors and dependencies. Should our assessment change, we will share updates according to GitHub’s established response procedures.

GitHub has investigated and found no critical systems with impact from the OpenSSL 3.x vulns, CVE-2022-3786 and CVE-2022-3602. At this time we have determined no risk is posed through GitHub to our customers or partners from this issue.

103

Show this thread

Curious about breaking into cybersecurity? 👀 As we wrap up #CybersecurityAwarenessMonth, we're sharing a glimpse into several security-focused roles here at GitHub!

Creating a more inclusive security research field | The GitHub Blog

A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecuriity roles.

666 files changed, review changes

Quote Tweet

MongoDB

@MongoDB

Write a developer horror story in 5 words or less.

148

1,136

WE'RE HIRING! We have a great opportunity for someone (with strong Azure knowledge) to be instrumental in the future of how GitHub builds our infrastructure in the cloud. boards.greenhouse.io/github/jobs/46 #Hiring #RemoteJobs #SecurityHiring

Check out the latest researcher interview in GitHub's Bug Bounty Researcher Spotlight series

Cybersecurity spotlight on bug bounty researcher @ahacker1 | The GitHub Blog

As we wrap up Cybersecurity Awareness Month, the GitHub bug bounty team is excited to spotlight one of the security researchers who participates in the GitHub Security Bug Bounty Program.

Oct 28

Display SAML SSO authentication data in audit log – Private Beta

Display SAML SSO authentication data in audit log - Private Beta | GitHub Changelog

Display SAML SSO authentication data in audit log - Private Beta

Antonio Morales

@Nosoynadiemas

Oct 28

La próxima semana se celebra en Buenos Aires la #Eko2022 y allí estaré junto con mis compañeros de

disfrutando del evento. Te animo a pasarte por nuestro stand y conocer algunas de las últimas novedades en cuanto a seguridad

Improved account recovery for npm users in case of a lost 2FA device.

Quote Tweet

Oct 25

Improved account recovery flow in case of a lost 2FA device github.blog/changelog/2022

Oct 25

CodeQL code scanning now supports customizing build configurations for Go analysis

CodeQL code scanning now supports customizing build configurations for Go analysis | GitHub...

CodeQL code scanning now supports customizing build configurations for Go analysis

Oct 26

Chief Tools is now a GitHub secret scanning partner

Chief Tools is now a GitHub secret scanning partner | GitHub Changelog

Chief Tools is now a GitHub secret scanning partner