GitHub
'Rotate your keys now': Sensitive data could be accessible in deleted or private Github repositories
Researchers claim to have found 40 API keys belonging to a unnamed AI company inside a deleted fork on Github
DevOps
BoE, Deutsche Börse, Fidelity on the challenges of maintaining security without sacrificing innovation
"That’s definitely the hottest topic right now in tech for us across the bank,”
developers
Mercedes Benz' IT manager on coding automation, "Developer Happiness"
"I learnt very early on in my career, a fool with a tool is still a fool."
CISO
Mike Hanley, CSO, GitHub on “guns, gates, guards”, AI, ignoring the “flashy stuff”
"You have to be intentional about designing for real people who are not security experts."
CISO
“Security is a full contact sport”: Aerospace firm Sierra Nevada Corporation CSO Robert Daugherty
"We operate with the assumption that a sophisticated nation state threat actor is always active inside the organisation"
GitHub
"Refounded" GitHub boasts new AI tools to spot insecure code in real-time, let devs use natural language
“Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections" says "refounded" company.
developers
India to have the world's most developers on GitHub by 2027
Report also captures rapid growth in Python use and an explosion in AI projects.
Enterprise IT
GitHub sued over Copilot for alleged "unprecedented scale" software piracy
Complaint alleges "GitHub Copilot “ignores, violates, and removes" licenses...
Cybersecurity
GitHub supply chain attack cloned thousands of projects, spoofed genuine users
"No-one has the time or sanity to audit every thing every build process pulls in."
Cybersecurity
Heroku's GitHub connection remains on ice after breach as customers fret, eye alternatives
Several weeks after a major security incident at Heroku, the company said this week it "will not be reconnecting to GitHub until we are certain that we can do so safely, which may take some time" -- as news of the early April breach continues to percolate slowly
Cybersecurity
GitHub hacked, npm data stolen after 0auth tokens stolen in upstream breach
GitHub hacked after Heroku, Travis-CI 0auth tokens stolen in upstream attack
Enterprise IT
GitHub adds welcome option to scan for secrets BEFORE Git pushes
For repo security, take a look at Palantir's open source Policy Bot too...