Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications.
Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who
Posted in GitHub, GitHub Security, Open Source, Penetration testing tools, vulnerability assessment, vulnerability management, vulnerability testing tool
GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.
Posted in bug bounties, Bug Bounty Program, Exablue, GitHub, GitHub Enterprise, HackerOne, Markus Fenske, rce, Remote Code Execution Bug, vulnerabilities
A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain to anyone who merely controls one of its subdomains.
The certificate authority, named WoSign, issued a base certificate for the GitHub domains to an unnamed GitHub user.
But How? First of all, do you know, the traditional Digital Certificate
Posted in certificate transparency, digital Certificate, free ssl certificate, GitHub, SSL Certificate, ssl security, website security
Popular code repository site GitHub is warning that a number of users’ accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches.
Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter.
According to a blog post published by Shawn Davenport, VP of Security at
Posted in account hack, data breach, email hacking, GitHub, hacking news, hacking passwords, password reuse, password security
When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls haven’t kept pace.
Posted in Amazon Web Services, APIs, Cloud computing, Cloud security, GitHub, Software vulns, Veracode, vulnerabilities, Web Security
Uber’s sleuthing didn’t reveal the hand of Lyft’s CTO in the cookie jar, but an unidentified party at his IP address allegedly eyed the key.
Posted in Chris Lambert, CTO, data loss, database breach, Featured, GitHub, Law & order, lawsuit, lyft, Security threats, subpoena, Uber