I'm hiring a Communications and Education Manager to help engage GitHubbers and the GitHub community around all things #infosec. If you have a passion for internal comms, executive comms, or security awareness training I encourage you to apply. DMs open. boards.greenhouse.io/github/jobs/37…

DevSecOps is a team sport. This Friday, join HackerOne’s Alex Rice and GitHub’s Greg Ose for an inside look at a tried and true DevSecOps program, and the critical role ethical hackers play. ow.ly/222m50HybnF

What good is a security system that hasn't been tested? Come help GitHub test our security systems! Our red team is expanding with room for Senior and Junior roles. boards.greenhouse.io/github/jobs/38…

Join the security teams twilio Netflix and GitHub for an exciting virtual event Apr 28 3:00pm-5:00pm PDT to discuss Scaling AppSec with your Application Security practitioner colleagues! scalingsecurityappsec.splashthat.com

Looking to rollout Dependabot for your enterprise? Check out how GitHub's security team uses Dependabot internally. github.blog/2022-05-25-how…

📚 tl;dr sec 135 * BSidesSF this weekend! * @google Cloud forensics utils * Jill Moné-Corallo, dawgyg - WoH Running bug bounty programs * Chainguard ⛓️ Supply chain security reading list * ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️ Newsletter analysis * Ben Lincoln RCE in Rails apps tldrsec.com/blog/tldr-sec-…

Incredibly excited to see Entitlements open sourced for identity and access management on GitHub! Bravo Shawna Butterworth Social Media Vacation and @notmailman! 👏🎉👏🎉 github.blog/2022-06-09-int…

GitHub's Bug Bounty team just hit 1000 reports resolved! ✨🎉✨🎉✨🎉

GitHub has learned of a phishing campaign targeting GitHub users by impersonating CircleCI to harvest user credentials and two-factor codes. Read more about our response and how to protect your accounts from phishing attacks. github.blog/2022-09-21-sec…

My first blog post at GitHub! We have been hard at work upgrading our encryption strategy to ActiveRecord::Encryption. Keep an eye out because next week we will detail how we migrated previously encrypted data to the new standard and how you can too!

Are you attending Ekoparty | Hacking everything ? Go stop by the GitHub Security booth and say hello to s2jeff from our Bounty Team.

Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!

NEW Security Feature: 🎉 PRIVATE VULNERABILITY REPORTING 🎉

We’ve launched our secret scanning alert experience for free for all public repositories. You can now proactively detect any leaked secrets that may be exposed in your code and have remediation recommendations – all within the GitHub UI. github.blog/2022-12-15-lea…

Secret scanning is now available for free on public repositories github.blog/changelog/2022…

🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…