Does the CISO of GitHub read her own GitHub issues alerting her of malware?

github.com

7 points by joshdotsmith 10 months ago · 5 comments

gnabgib 10 months ago

You seem to have a bee in your bonnet about this, please stop submitting - this isn't a GH support forum:

If you work at GitHub security, you are bad at your job (12 points, 23 hours ago) https://news.ycombinator.com/item?id=43086058

GitHub flooded with malware repos spoofing real projects–no response from GitHub (13 points, 3 days ago) https://news.ycombinator.com/item?id=43056128

  • figassis 10 months ago

    It’s definitely served as a support forum for other companies, like Stripe. Maybe only for YC companies?

  • joshdotsmith (OP) 10 months ago

    Yes, a forum of people interested in software development might care that most new repositories created on the most popular website for sharing open source code will end up spoofed and sharing malware?

joshdotsmith (OP) 10 months ago

As I wrote in this issue, I am exhausted. Microsoft has plenty of money to handle issues like this and chooses not to do so. I have spent hours now reaching out to GitHub in vain, tracking down people affected, and trying to figure out how to get someone to give one single flying fuck.

So what the hell. Let’s make the CISO’s slideshow intro to GitHub popular.

t_believ-er873 10 months ago

Unfortunately, bad actors abuse GitHub more and more. Only last year there were some articles about it: https://gitprotect.io/devops-threats-unwrapped.html
