This malicious PyPI package mixed source and compiled code to dodge detection | Oh cool, something else to scan for | Security | 02 Jun 2023 | 11
GitHub code search redesign can't find many fans | Poll: Missing capabilities, bugs, unloved interface decisions dog engine revision – and what do you think? | Devops | 13 May 2023 | 17
GitHub, Microsoft, OpenAI fail to wriggle out of Copilot copyright lawsuit | Judge won't toss out two key charges, software source slurping case still on | Software | 12 May 2023 | 18
GitHub dumps frustrating code search engine for Rust-powered Blackbird | Here's hoping for fewer head-desk moments for devs | Devops | 09 May 2023 | 6
GitHub debuts pedigree check for npm packages via Actions | Publishing provenance possibly prevents problems | Security | 19 Apr 2023 | 4
Judge grants subpoena to ID Twitter source code leaker | Unmasking also in store for anyone who's 'posted, uploaded, downloaded or modified' tweet biz code | Software | 29 Mar 2023 | 33
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud | Not a headline we expected to write today | CSO | 24 Mar 2023 | 11
GitHub publishes RSA SSH host keys by mistake, issues update | Getting connection failures? Don't panic. Get new keys | Security | 24 Mar 2023 | 34
GitHub Copilot learns new tricks, adopts this year's model | Armed with GPT-4, Microsoft's AI 'pair programmer' can tag pull requests, parrot documentation, talk about code | AI + ML | 22 Mar 2023 | 14
The npm registry's safe word is Socket | Exclusive: GitHub's JavaScript failings are someone else's opportunity | Devops | 16 Mar 2023 | 8
One third wiped off value of GitLab shares, Wall Street didn't like weaker outlook | Investors nervous in same week that Silicon Valley Bank failed | Devops | 14 Mar 2023 | 6
GitHub rolls out mandatory 2FA for loads of devs next week | Engineers who contribute to public projects told to enroll | Software | 09 Mar 2023 | 11
Frankenstein malware stitched together from code of others disguised as PyPI package | Crime-as-a-service vendors mix and match components as needed by client | Research | 03 Mar 2023 | 3
Who writes Linux and open source software? | Opinion: Developers and, more to the point, the companies that employ them | OSes | 24 Feb 2023 | 111
GitHub claims source code search engine is a game changer | When grep isn't good enough, try Blackbird | Devops | 07 Feb 2023 | 51
GitHub CEO says EU AI Act shouldn't apply to open source devs | FOSDEM: Lawmakers said to be trying to align on the basics by 'early March' | AI + ML | 07 Feb 2023 | 6
Microsoft, GitHub, OpenAI urge judge to bin Copilot code rip-off case | We're not the bad guys in this, Azure empire says with a straight face | Devops | 31 Jan 2023 | 25
Midjourney, DeviantArt face lawsuit over AI-made art | Updated: Lawyer known for GitHub Copilot case to argue artists' legal struggle | AI + ML | 16 Jan 2023 | 60
Should open source sniff the geopolitical wind and ban itself in China and Russia? | Opinion: Can it even do that? And does FOSS deserve an exemption to sanctions? | Software | 01 Jan 2023 | 216
Crooks copy source code from Okta’s GitHub repository | The hack wraps up a year of bad security incidents for identity | Security | 23 Dec 2022 | 13
Study finds AI assistants help developers produce code that's more likely to be buggy | At the same time, tools like Github Copilot and Facebook InCoder make developers believe their code is sound | Software | 21 Dec 2022 | 61
GitHub adds admin controls to Copilot, paints 'Business' on the side, doubles price | Ah, the enterprise way | AI + ML | 09 Dec 2022 | 22
WASP malware stings Python developers | Info-stealing trojan hides in malicious PyPI packages on GitHub | Research | 16 Nov 2022 | 9
GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming' | No need for ignominy when a flaw is found | Security | 14 Nov 2022 | 5
Microsoft moves to tighten Azure DevOps security with granular access tokens | Narrowing permissions could be difference between mildly pwned and totally pwned corporate network | Devops | 11 Nov 2022 |
GitHub's Copilot flies into its first open source copyright lawsuit | Opinion: It won't be the last | AI + ML | 11 Nov 2022 | 91
Dropbox admits 130 of its private GitHub repos were copied after phishing attack | Personal info and data safe, stolen code not critical, apparently | Cyber-crime | 01 Nov 2022 | 2
Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts | This is why we can't have nice things | Research | 27 Oct 2022 | 14
AI programming assistants mean rethinking computer science education | Analysis: Boffins say educators need to deal with opportunities and risks of GitHub Copilot and pals | AI + ML | 20 Oct 2022 | 27
How GitHub Copilot could steer Microsoft into a copyright storm | Special report: AI-driven coding tool might generate other people's code – who knew? Well, Redmond, for one | AI + ML | 19 Oct 2022 | 75
Toyota dev left key to customer info on public GitHub page for five years | 'Oh what a feeling' when your contractor leaks site source code | Security | 11 Oct 2022 | 8
AI co-programmers perhaps won't spawn as many bugs as feared | They can't be any worse than some human developers | AI + ML | 07 Oct 2022 | 17
No longer prepared to svn commit: WebKit migrates to GitHub | Apple's web engine to take advantage of Git’s distributed nature, GitHub’s large community | Devops | 01 Sep 2022 | 23
Merge requests and insecure GitHub workflows may lead to supply-chain attacks | Starting with Google Firebase and Apache Camel repos | Devops | 01 Sep 2022 | 8
Banned Tornado Cash code reuploaded to GitHub in free speech test | Cryptography prof tells Microsoft to get forked | Software | 24 Aug 2022 | 58
GitHub Copilot may be perfect for cheating CompSci programming exercises | Shakeup in teaching looms as code-completion tool lets students 'bring an Uzi to a knife fight' | AI + ML | 19 Aug 2022 | 58
GitHub courts controversy by suspending Tornado Cash developers and reneging on cookie commitments | If you're looking for free speech or privacy, move along | Software | 10 Aug 2022 | 59
FauxPilot: It's like GitHub Copilot but doesn't phone home to Microsoft | Updated: And if you train your own AI model for it, you can worry less about licensing | Devops | 06 Aug 2022 | 20
Miscreants aim to cause Discord discord with malicious npm packages | LofyLife campaign comes amid GitHub security lockdown | Research | 02 Aug 2022 | 2
Even robots have the right to learn from open source | Opinion: Just because it's Microsoft doesn't mean it's wrong | Software | 11 Jul 2022 | 68
Open source body quits GitHub, urges you to do the same | Paid-for Copilot trained on FOSS code final straw for Software Freedom Conservancy | AI + ML | 30 Jun 2022 | 94
Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined | Analysis: Developer interactions sometimes contain their own kind of poison | Devops | 29 Jun 2022 | 116
For a few days earlier this year, rogue GitHub apps could have hijacked countless repos | A bit of a near-hit for the software engineering world | Devops | 21 Jun 2022 | 5
GitHub's AI code assistant Copilot takes flight. And that'll be $10 a month, please | You wanna bug fix and chill? | AI + ML | 21 Jun 2022 | 19
RubyGems polishes security practices with multi-factor authentication push | Faced with rising software supply-chain attacks, package registries are locking things down | Devops | 16 Jun 2022 | 1
GitHub drops Atom bomb: Open-source text editor mothballed by end of year | Embrace, extend technology into other products ... and extinguish | Devops | 08 Jun 2022 | 58
GitHub saved plaintext passwords of npm users in log files, post mortem reveals | Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies | Security | 27 May 2022 | 16
How to find NPM dependencies vulnerable to account hijacking | Security engineer outlines self-help strategy for keeping software supply chain safe | CSO | 23 May 2022 | 21
Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point | Special report: Campaign to coax GitHub-owned outfit to improve security starts showing results | CSO | 10 May 2022 | 47
GitHub to require two-factor authentication for code contributors by late 2023 | Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks | Security | 05 May 2022 | 17
Communication around Heroku security incident dubbed 'train wreck' | Users claim lack of transparency following compromise of Github tokens | Security | 04 May 2022 | 5
Microsoft reanimates 1995's 3D Movie Maker via GitHub | Next Nadella keynote to be delivered by McZee? | Software | 04 May 2022 | 10
Watch out for AI models regurgitating misplaced keys that unlock crypto wallets | Effect of GitHub's OpenAI-powered Copilot memorizing sensitive but public data | AI + ML | 03 May 2022 | 4
So, what happened with GitHub, Heroku, and those raided private repos? | Analysis: Who knew what when and what did they do? | Devops | 21 Apr 2022 | 10
GitHub's Dependabot learns to report bad news you can use | Instead of just raising the alarm, automated code-scold will flag where the fire is | Devops | 15 Apr 2022 |
GitHub tackles leaks by scanning for secrets in pushed code | Repo updates inspected for security blunders before some git can exploit them | Security | 05 Apr 2022 | 6
Dev rigs up receipt printer to spit out GitHub issues | Not the first time the letters POS have been associated with someone's repo | Software | 29 Mar 2022 | 25
GitHub explains outage string in incidents update | It was MySQL, with the resource contention, in the database cluster | Software | 24 Mar 2022 | 21
Complaints mount after GitHub launches new algorithmic feed | GitHub algorithm seeks to improve discovery. Developers disagree. | Software | 23 Mar 2022 | 40
This JavaScript scanner hunts down malware in libraries | Stick a fork in this Socket and zap malicious NPM packages | Security | 01 Mar 2022 | 2
GitHub puts prebuilt Codespaces into public beta | Say goodbye to your coffee break | Devops | 25 Feb 2022 | 3