Midjourney, DeviantArt face lawsuit over AI-made art | Updated: Lawyer known for GitHub Copilot case to argue artists' legal struggle | AI + ML | 16 Jan 2023 | 57
Should open source sniff the geopolitical wind and ban itself in China and Russia? | Opinion: Can it even do that? And does FOSS deserve an exemption to sanctions? | Software | 01 Jan 2023 | 213
Crooks copy source code from Okta’s GitHub repository | The hack wraps up a year of bad security incidents for identity | Security | 23 Dec 2022 | 13
Study finds AI assistants help developers produce code that's more likely to be buggy | At the same time, tools like Github Copilot and Facebook InCoder make developers believe their code is sound | Software | 21 Dec 2022 | 61
GitHub adds admin controls to Copilot, paints 'Business' on the side, doubles price | Ah, the enterprise way | AI + ML | 09 Dec 2022 | 22
WASP malware stings Python developers | Info-stealing trojan hides in malicious PyPI packages on GitHub | Research | 16 Nov 2022 | 8
GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming' | No need for ignominy when a flaw is found | Security | 14 Nov 2022 | 5
Microsoft moves to tighten Azure DevOps security with granular access tokens | Narrowing permissions could be difference between mildly pwned and totally pwned corporate network | Devops | 11 Nov 2022
GitHub's Copilot flies into its first open source copyright lawsuit | Opinion: It won't be the last | AI + ML | 11 Nov 2022 | 91
Dropbox admits 130 of its private GitHub repos were copied after phishing attack | Personal info and data safe, stolen code not critical, apparently | Cyber-crime | 01 Nov 2022 | 2
Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts | This is why we can't have nice things | Research | 27 Oct 2022 | 14
AI programming assistants mean rethinking computer science education | Analysis: Boffins say educators need to deal with opportunities and risks of GitHub Copilot and pals | AI + ML | 20 Oct 2022 | 27
How GitHub Copilot could steer Microsoft into a copyright storm | Special report: AI-driven coding tool might generate other people's code – who knew? Well, Redmond, for one | AI + ML | 19 Oct 2022 | 75
Toyota dev left key to customer info on public GitHub page for five years | 'Oh what a feeling' when your contractor leaks site source code | Security | 11 Oct 2022 | 8
AI co-programmers perhaps won't spawn as many bugs as feared | They can't be any worse than some human developers | AI + ML | 07 Oct 2022 | 17
No longer prepared to svn commit: WebKit migrates to GitHub | Apple's web engine to take advantage of Git’s distributed nature, GitHub’s large community | Devops | 01 Sep 2022 | 23
Merge requests and insecure GitHub workflows may lead to supply-chain attacks | Starting with Google Firebase and Apache Camel repos | Devops | 01 Sep 2022 | 8
Banned Tornado Cash code reuploaded to GitHub in free speech test | Cryptography prof tells Microsoft to get forked | Software | 24 Aug 2022 | 58
GitHub Copilot may be perfect for cheating CompSci programming exercises | Shakeup in teaching looms as code-completion tool lets students 'bring an Uzi to a knife fight' | AI + ML | 19 Aug 2022 | 58
GitHub courts controversy by suspending Tornado Cash developers and reneging on cookie commitments | If you're looking for free speech or privacy, move along | Software | 10 Aug 2022 | 59
FauxPilot: It's like GitHub Copilot but doesn't phone home to Microsoft | Updated: And if you train your own AI model for it, you can worry less about licensing | Devops | 06 Aug 2022 | 19
Miscreants aim to cause Discord discord with malicious npm packages | LofyLife campaign comes amid GitHub security lockdown | Research | 02 Aug 2022 | 2
Even robots have the right to learn from open source | Opinion: Just because it's Microsoft doesn't mean it's wrong | Software | 11 Jul 2022 | 68
Open source body quits GitHub, urges you to do the same | Paid-for Copilot trained on FOSS code final straw for Software Freedom Conservancy | AI + ML | 30 Jun 2022 | 94
Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined | Analysis: Developer interactions sometimes contain their own kind of poison | Devops | 29 Jun 2022 | 116
For a few days earlier this year, rogue GitHub apps could have hijacked countless repos | A bit of a near-hit for the software engineering world | Devops | 21 Jun 2022 | 5
GitHub's AI code assistant Copilot takes flight. And that'll be $10 a month, please | You wanna bug fix and chill? | AI + ML | 21 Jun 2022 | 19
RubyGems polishes security practices with multi-factor authentication push | Faced with rising software supply-chain attacks, package registries are locking things down | Devops | 16 Jun 2022 | 1
GitHub drops Atom bomb: Open-source text editor mothballed by end of year | Embrace, extend technology into other products ... and extinguish | Devops | 08 Jun 2022 | 58
GitHub saved plaintext passwords of npm users in log files, post mortem reveals | Unrelated to the OAuth token attack, but still troubling as org reveals details of around 100,000 users were grabbed by the baddies | Security | 27 May 2022 | 16
How to find NPM dependencies vulnerable to account hijacking | Security engineer outlines self-help strategy for keeping software supply chain safe | CSO | 23 May 2022 | 21
Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point | Special report: Campaign to coax GitHub-owned outfit to improve security starts showing results | CSO | 10 May 2022 | 47
GitHub to require two-factor authentication for code contributors by late 2023 | Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks | Security | 05 May 2022 | 17
Communication around Heroku security incident dubbed 'train wreck' | Users claim lack of transparency following compromise of Github tokens | Security | 04 May 2022 | 5
Microsoft reanimates 1995's 3D Movie Maker via GitHub | Next Nadella keynote to be delivered by McZee? | Software | 04 May 2022 | 10
Watch out for AI models regurgitating misplaced keys that unlock crypto wallets | Effect of GitHub's OpenAI-powered Copilot memorizing sensitive but public data | AI + ML | 03 May 2022 | 4
So, what happened with GitHub, Heroku, and those raided private repos? | Analysis: Who knew what when and what did they do? | Devops | 21 Apr 2022 | 10
GitHub's Dependabot learns to report bad news you can use | Instead of just raising the alarm, automated code-scold will flag where the fire is | Devops | 15 Apr 2022
GitHub tackles leaks by scanning for secrets in pushed code | Repo updates inspected for security blunders before some git can exploit them | Security | 05 Apr 2022 | 6
Dev rigs up receipt printer to spit out GitHub issues | Not the first time the letters POS have been associated with someone's repo | Software | 29 Mar 2022 | 25
GitHub explains outage string in incidents update | It was MySQL, with the resource contention, in the database cluster | Software | 24 Mar 2022 | 21
Complaints mount after GitHub launches new algorithmic feed | GitHub algorithm seeks to improve discovery. Developers disagree. | Software | 23 Mar 2022 | 40
This JavaScript scanner hunts down malware in libraries | Stick a fork in this Socket and zap malicious NPM packages | Security | 01 Mar 2022 | 2
GitHub puts prebuilt Codespaces into public beta | Say goodbye to your coffee break | Devops | 25 Feb 2022 | 3
Worried about occasional npm malware scares? It's more common than you may think | WhiteSource says it spotted 1,300 malicious JavaScript packages in 2021 alone | Security | 03 Feb 2022 | 15
OpenShell has been working on a classic replacement for Windows 11's Start menu | It's still early days, though | OSes | 26 Jan 2022 | 53
JavaScript dev deliberately screws up own popular npm packages to make a point of some sort | Updated: Faker.js and colors.js sabotaged by maker | Software | 10 Jan 2022 | 90
Four years: That's how long Azure's App Service had a source code leak bug | Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited | Security | 24 Dec 2021 | 7
Gnu Nano releases version 6.0 of text editor, can now hide UI frippery | First five full releases took 20 years, this one arrived in 18 months | Software | 16 Dec 2021 | 53
LINE Pay leaks around 133,000 users' data to GitHub, of all places | Someone just accidentally put it there, says the messaging service company | Security | 07 Dec 2021 | 3
Ubiquiti dev charged with knocking $4bn off firm's value after insider threat spree | Prosecutors claim Nickolas Sharp even posed as a whistleblower to press | Legal | 02 Dec 2021 | 8
Thousands of Firefox users accidentally commit login cookies on GitHub | GitHub: 'Credentials exposed by our users are not in scope' | Security | 18 Nov 2021 | 27
GitHub's State of the Octoverse survey shows devs are still swerving the office | Coding JS in your PJs here to stay | Devops | 17 Nov 2021 | 2
GitHub fixes authorisation vulnerability in the NPM JavaScript package registry | Flaw allowed 'an attacker to publish new versions of any npm package' | Security | 16 Nov 2021 | 4
GitHub CEO forks off: Nat Friedman to quit this month, replacement will report to exec behind .NET Hot Reload fiasco | Updated: Chief product officer takes over world's palatable social network | Devops | 03 Nov 2021 | 8
OpenID-based security features added to GitHub Actions as usage doubles | GitHub Universe: Single-use tokens and reusable workflows explained at Universe event | Devops | 28 Oct 2021
NPM packages disguised as Roblox API code caught carrying ransomware | Subverted libraries likely intended as a prank but should be taken seriously, say security researchers | Security | 27 Oct 2021 | 7
It's that time of the year again when GitHub does its show'n'tell of features – some new and others kinda new | Universe event reveals iterative improvements but no big bang | Devops | 27 Oct 2021 | 5
.NET Foundation admits it 'violated the trust of project maintainers' | Mashes the Sorry button, offers to reverse forced code migration, and promises not to ever mess with projects again | Software | 13 Oct 2021 | 8
GitLab all set to go public as revenues – and losses – rise | IPO was expected last year but then we had a pandemic | Devops | 20 Sep 2021 | 10
Open-source software starts with developers, but there are other important contributors, too. Who exactly? Good question | Opinion: Looking beyond the programmers | Software | 08 Sep 2021 | 40
GitHub merges 'useless garbage' says Linus Torvalds as new NTFS support added to Linux kernel 5.15 | Also: Compiler warnings now treated as errors by default in kernel builds | Software | 06 Sep 2021 | 99