Follow
Click to Follow GitHubSecurity
GitHub Security
@GitHubSecurity
GitHub Security’s Tweets
Here are our December �� bug bounty stats:
✅Closed 131 reports
💰Awarded $136,485 in bounties
👫94 hackers participated in our program
1
2
37
Tune into this week's #osspodcast to hear chat about GitHub’s bug bounty program, including what’s in scope and why we love partnering with researchers
1
7
35
A few months ago we announced by the end of 2023, 2FA would be required on GitHub. Today we're sharing what you can expect next as we begin this important work to help secure the software supply chain. Read more here:
9
23
Hear about the key detection principles that lead our threat detection efforts + how we combat some of the toughest challenges in the industry today. Watch the recording of "Git outta here: how does detection" from #GitHubUniverse:
1
6
✨ We're looking for a Staff Security Engineer for our Cloud Security Operations team. This is a remote role based in Europe.
2
5
Show this thread
✨ We're looking for a Senior Security Engineer for our Threat Detection team. This is a remote role based in the US or the UK.
1
2
Show this thread
Boosting this ✨ This is a remote role based in the US.
Quote Tweet
We're hiring 
Come lead our Customer Security and Trust team! boards.greenhouse.io/github/jobs/46
Come lead our Customer Security and Trust team! boards.greenhouse.io/github/jobs/461
1
Show this thread
✨ We’re looking for a Senior Engineering Manager for our Product Security Paved Paths team! This is a remote role based in the US or Canada.
1
1
3
Show this thread
Watch the recording of "How uses GitHub to secure GitHub" with & from #githubuniverse here: youtube.com/watch?v=hVHLcb
Quote Tweet
I had a blast speaking at #GitHubUniverse with @gose1 , you can check out the whole session here! youtube.com/watch?v=hVHLcb
1
8
Here are our November 🦃 bug bounty stats:
✅Closed 117 reports
💰Awarded $23,485 in bounties
👫92 hackers participated in our program
2
1
19
In about two hours, GitHub CSO & SVP of Engineering takes the stage to talk about how builds GitHub. Turn in online 👉 githubuniverse.com/events/detail/
2
7
Quote Tweet
@XCorail mentioned that a great way for security researchers to give back to the community is by contributing CodeQL rules. Folks can submit to the bounty program and make $$ doing so too! securitylab.github.com/bounties/ #GitHubUniverse
1
3
1
Happening now! “What’s next for GitHub’s security products� 👀 online and in-person
Quote Tweet
If you want to stay on the cusp of what’s new in security, join this talk to hear what the GitHub team has been working on. Happening at 1:30 on Mona's Stage! #GitHubUniverse
2
What’s the difference between shifting left and developer-first security? (This isn’t a trick question.) Get the scoop—and the tools to keep your organization secure—from Field Architect, Nick Leffin.
5
9
19
Show this thread
4
Want to know more about our work? Tomorrow, join us virtually or in person at #GitHubUniverse for a fireside chat with and . Register at githubuniverse.com
4
4
Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!
6
3
9
We're trying out something new with a few folks at Universe this week & have partnered with on a hackable, Micropython based conference badge running the RP2040 chip and an e-Ink display. 🤓
read image description
ALT
26
77
530
Show this thread
Meet GitHub at Black Hat Europe, December 7-8, booth #107! We will have deep-dives on our technical demos, in-booth presentations, giveaways, and the chance to build your own custom Octocat! Learn more: resources.github.com/github-blackha
#BHEU #security
1
14
73
We’re hiring! Come lead our Threat Hunting, Operations, and Incident Response (THOR) teams:
6
15
There’s nothing like seeing #GitHubUniverse come to life. 👀
Here are some throwbacks from past events to give you a peek at what San Francisco might have in store 4 days from now! See you there on Nov. 9 & 10. githubuniverse.com
read image description
ALT
read image description
ALT
read image description
ALT
read image description
ALT
4
40
234
Fixed bug that allowed OAuth tokens improper access to SAML SSO protected organization resources when used with the `/issues` API endpoint github.blog/changelog/2022
3
9
Our October 🎃 bug bounty stats are no trick:
👫106 hackers participated in our program
✅Closed 154 reports
💰Awarded $20,536 in bounties
1
1
17
We are continuing to monitor and review the impact to our vendors and dependencies. Should our assessment change, we will share updates according to GitHub’s established response procedures.
17
Show this thread
GitHub has investigated and found no critical systems with impact from the OpenSSL 3.x vulns, CVE-2022-3786 and CVE-2022-3602. At this time we have determined no risk is posed through GitHub to our customers or partners from this issue.
2
28
104
Show this thread
Curious about breaking into cybersecurity? 👀 As we wrap up #CybersecurityAwarenessMonth, we're sharing a glimpse into several security-focused roles here at GitHub!
14
42
WE'RE HIRING! We have a great opportunity for someone (with strong Azure knowledge) to be instrumental in the future of how GitHub builds our infrastructure in the cloud. boards.greenhouse.io/github/jobs/46 #Hiring #RemoteJobs #SecurityHiring
1
15
22
Check out the latest researcher interview in GitHub's Bug Bounty Researcher Spotlight series
3
5
Display SAML SSO authentication data in audit log – Private Beta
4
15
La próxima semana se celebra en Buenos Aires la #Eko2022 y allà estaré junto con mis compañeros de disfrutando del evento.
Te animo a pasarte por nuestro stand y conocer algunas de las últimas novedades en cuanto a seguridad
1
6
19
Improved account recovery for npm users in case of a lost 2FA device.
Quote Tweet
Improved account recovery flow in case of a lost 2FA device github.blog/changelog/2022
7
13
CodeQL code scanning now supports customizing build configurations for Go analysis
4
9
Chief Tools is now a GitHub secret scanning partner
2
9
Yes, GitHub encrypts your source code at rest, but did you know GitHub also encrypts sensitive database columns in our monolith? Read more in Part 1 of 2 blog posts on database encryption
5
7