At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key for GitHub.com. Read more here:
GitHub Security
@GitHubSecurity
GitHub Security’s Tweets
Happy work anniversary to , who joined as its first Chief Security Officer two years ago 🎉 Read about his experience so far: linkedin.com/pulse/two-year
Securing the software supply chain starts with the developer. At GitHub, we believe two-factor authentication is one of the single most impactful steps we can take to secure our platform and the millions of contributors and our customers who rely on open source software.
Quote Tweet
On March 13, we officially begin rolling out our requirement for all developers who contribute code on GitHub.com to enable 2FA by the end of 2023
Learn about the process & how you can help secure the software supply chain with 2FA: github.blog/2023-03-09-rai
On March 13, we officially begin rolling out our requirement for all developers who contribute code on GitHub.com to enable 2FA by the end of 2023 ✨ Learn about the process & how you can help secure the software supply chain with 2FA: github.blog/2023-03-09-rai
Check out 's recent interview on the Cyber Work Podcast below ⬇️ He chats with Chris Sienko about 's commitment to security & how you can move your org toward a dev-focused security team.
Quote Tweet
Jacob DePriest, the VP and deputy chief security Officer at GitHub, joined this week's Cyber Work Podcast.
Whether you’re just hearing about GitHub now or you’re using GitHub from the moment your work day starts, you’ll want to check out this episode.
infosecinstitute.com/podcast/github
The secret scanning alert experience is now generally available for public repositories. ✨ Read on to learn how you can enable it with one click today.
Here are our February 💗 bug bounty stats:
✅Closed 174 reports
💰Awarded $93,617 in bounties
👫115 hackers participated in our program
Great chat with about how works, GitHub Advanced Security, and leading high tempo operational teams!
Here are our January 🎊 bug bounty stats:
✅Closed 193 reports
💰Awarded $89,634 in bounties
👫116 hackers participated in our program
Update to the latest version of Desktop and previous version of Atom before February 2 to avoid disruptions.
Join us on February 8 in our San Francisco 🌉 office for The Security Meetup in partnership with ! Tasty food and craft cocktails included. Speakers include & . Register here ➡️ resources.github.com/github-owasp-s.
Introducing the Bug Bounty Swag Shop 🎉 Researchers can now earn exclusive branded swag as a bonus perk to their earned bounty reward!
✨ We're looking to hire a software engineer for our Security Operations Platform Health team. This is a remote role based in the US.
Here are our December bug bounty stats:
✅Closed 131 reports
💰Awarded $136,485 in bounties
👫94 hackers participated in our program
Tune into this week's #osspodcast to hear chat about GitHub’s bug bounty program, including what’s in scope and why we love partnering with researchers opensourcesecurity.io/2022/12/11/epi
A few months ago we announced by the end of 2023, 2FA would be required on GitHub. Today we're sharing what you can expect next as we begin this important work to help secure the software supply chain. Read more here:
Hear about the key detection principles that lead our threat detection efforts + how we combat some of the toughest challenges in the industry today. Watch the recording of "Git outta here: how does detection" from #GitHubUniverse:
✨ We're looking for a Staff Security Engineer for our Cloud Security Operations team. This is a remote role based in Europe.
✨ We're looking for a Senior Security Engineer for our Threat Detection team. This is a remote role based in the US or the UK.
Boosting this ✨ This is a remote role based in the US.
Quote Tweet
We're hiring
Come lead our Customer Security and Trust team! boards.greenhouse.io/github/jobs/46
✨ We’re looking for a Senior Engineering Manager for our Product Security Paved Paths team! This is a remote role based in the US or Canada.
Watch the recording of "How uses GitHub to secure GitHub" with & from #githubuniverse here: youtube.com/watch?v=hVHLcb
Quote Tweet
I had a blast speaking at #GitHubUniverse with @gose1 , you can check out the whole session here! youtube.com/watch?v=hVHLcb
We're hiring 🎉 Come lead our Customer Security and Trust team!
Here are our November 🦃 bug bounty stats:
✅Closed 117 reports
💰Awarded $23,485 in bounties
👫92 hackers participated in our program
In about two hours, GitHub CSO & SVP of Engineering takes the stage to talk about how builds GitHub. Tune in online 👉 githubuniverse.com/events/detail/
Quote Tweet
@XCorail mentioned that a great way for security researchers to give back to the community is by contributing CodeQL rules. Folks can submit to the bounty program and make $$ doing so too! securitylab.github.com/bounties/ #GitHubUniverse
Happening now! “What’s next for GitHub’s security products” 👀 online and in-person
Quote Tweet
If you want to stay on the cusp of what’s new in security, join this talk to hear what the GitHub team has been working on. Happening at 1:30 on Mona's Stage! #GitHubUniverse
What’s the difference between shifting left and developer-first security? (This isn’t a trick question.) Get the scoop—and the tools to keep your organization secure—from Field Architect, Nick Leffin.
Want to know more about our work? Tomorrow, join us virtually or in person at #GitHubUniverse for a fireside chat with and . Register at githubuniverse.com
Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!
We're trying out something new with a few folks at Universe this week & have partnered with on a hackable, Micropython based conference badge running the RP2040 chip and an e-Ink display. 🤓
Meet GitHub at Black Hat Europe, December 7-8, booth #107! We will have deep-dives on our technical demos, in-booth presentations, giveaways, and the chance to build your own custom Octocat! Learn more: resources.github.com/github-blackha
#BHEU #security
We’re hiring! Come lead our Threat Hunting, Operations, and Incident Response (THOR) teams:
There’s nothing like seeing #GitHubUniverse come to life. 👀
Here are some throwbacks from past events to give you a peek at what San Francisco might have in store 4 days from now! See you there on Nov. 9 & 10. githubuniverse.com
Fixed bug that allowed OAuth tokens improper access to SAML SSO protected organization resources when used with the `/issues` API endpoint github.blog/changelog/2022
Our October 🎃 bug bounty stats are no trick:
👫106 hackers participated in our program
✅Closed 154 reports
💰Awarded $20,536 in bounties