Github

Why We Signed The Copenhagen Pledge On Tech For Democracy

As the home for developers, we understand the key role our communities play in steering digital transformation and maintaining societal infrastructure. That's why we choose to drive and support policies and initiatives like the Copenhagen Pledge on Tech for Democracy. We're committed to working with like-minded organizations, governments, and civil society to make digital technologies work for democracy and human rights, and we encourage you to join us in this pledge.
Github

“If You Don’t Make It Beautiful, It’s For Sure Doomed”: Putting The Vault In GitHub’s Arctic Code Vault

GitHub this month installed a massive steel vault, etched with striking AI-generated art, deep within an Arctic mountain, finalizing its Arctic Code Vault. This vault contains the 188 reels of hardened archival film which will preserve the 02/02/2020 snapshot of every active public GitHub repository for 1,000 years. It also now includes a Tech Tree, a human-readable selection of works describing software, computers, and their foundational technologies, along with full-text copies of Wikipedia, Stack Overflow, and other data sources.
Github

5 Tips For Prioritizing Dependabot Alerts

Dependabot alerts can give you the ability to secure your project by keeping dependency-based vulnerabilities out of your code. Here are some tips to more efficiently prioritize and take action on your alerts, so you can get back to building.
Github

Dependabot Now Alerts For Vulnerable GitHub Actions

GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.
Github

Release Radar · July 2022 Edition

While some of us have been wrapping up the financial year, and enjoying vacation time, others have been hard at work shipping open source projects and releases. These projects include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of the open source projects that released major version updates this July. […]
Github

Release Radar · June 2022 Edition

It’s been a crazy couple of months with the end of financial year and lots of products shipping. Our community has been hard at work shipping projects too. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. Here are some of these open source projects that released major updates this […]
Github

Corrupting Memory Without Memory Corruption

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
Github

Managing A Game Dev Community With GitHub Actions

A Little Game Called Mario is an open source, collectively developed hell project. Anyone and everyone is welcome to contribute their unique talents to make both the player and developer experience more enjoyable. Find out how the collective leverages GitHub Actions to manage this wonderful little community.
Github

The Chromium Super (inline Cache) Type Confusion

In this post I'll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I'll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Github

Release Radar · May 2022 Edition

Each month, we highlight open source projects that have shipped major updates. These projects can include everything from world-changing technology to developer tooling, and weekend hobbies. We cover what the project is and some of their breaking changes. Read about the project, and browse their repositories. Without further ado, here are our top staff picks […]
Github

The Android Kernel Mitigations Obstacle Race

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
Github

Git Merge 2022

Git Merge, the conference dedicated to bringing the Git community together returns on September 14-15 in Chicago, Illinois.
Github

How We Think About Browsers

Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.
Github