from Hacker News

Does the CISO of GitHub read her own GitHub issues alerting her of malware?

by joshdotsmith on 2/19/25, 4:17 AM with 5 comments

  • by gnabgib on 2/19/25, 4:22 AM

    You seem to have a bee in your bonnet about this, please stop submitting - this isn't a GH support forum:

    If you work at GitHub security, you are bad at your job (12 points, 23 hours ago) https://news.ycombinator.com/item?id=43086058

    GitHub flooded with malware repos spoofing real projects–no response from GitHub (13 points, 3 days ago) https://news.ycombinator.com/item?id=43056128

  • by joshdotsmith on 2/19/25, 4:21 AM

    As I wrote in this issue, I am exhausted. Microsoft has plenty of money to handle issues like this and chooses not to do so. I have spent hours now reaching out to GitHub in vain, tracking down people affected, and trying to figure out how to get someone to give one single flying fuck.

    So what the hell. Let’s make the CISO’s slideshow intro to GitHub popular.

  • by t_believ-er873 on 2/19/25, 1:41 PM

    Unfortunately, bad actors abuse GitHub more and more. Only last year there were some articles about it: https://gitprotect.io/devops-threats-unwrapped.html