“AI is destroying my humanity.” @mitchellh.com (HashiCorp; Ghostty, Vouch). From a conversation @helen.blog and I had with him.
Not an anti-AI take. A maintainer capacity take. Creation got cheaper. Review didn’t.
Maintainers: what’s helped you keep mentoring sustainable?
Come say hi 👋 at DeveloperWeek.
Who knows how to secure open source better than the maintainers themselves? 🛡️
Apparently it decided that the drive-in line was the best place to stop for picking up the rider 😂
Cars are lined up in a fast food drive in and a self-driving Waymo car is trying to cut the line and insert into it.
Not a Waymo forcing the passage and cutting the line in a In-n-Out drive in 🤦♂️
Thanks for what you’re doing for all of us Ian.
This is amazing. Use a SAST to detect security issues, and then triage those alerts with LLMs, to remove false positives and focus on real and exploitable issues.
And of course, the framework is open source.
Ooooh, subscribing to this thread! My son is 16 and is also about to get his DL!
But same: I rewatch a lot of movies … I use my kids, and their artistic education, as an excuse.
Oh hell no! … I saw it once, and I am never watching it again! lol 😂
Too realistic, too scarily probable. I haven’t ever looked at mushrooms the same way.
🚀 GitHub is making Actions more secure by default
We recently announced upcoming changes to the pull_request_target event and environment protection rules to make GitHub Actions more secure by default.
We’ve opened a discussion to gather feedback 👇
🔗 github.com/orgs/communi...
The internet was on fire. 🔥
One small library affecting billions of systems.
Log4Shell was the biggest security vulnerability of all time.
Now, Log4J maintainer, Christian Grobmeier tells us what it felt like inside the flames 👉 github.blog/open-source/...
“Ignorance will break all software.”
Log4Shell’s one line of code broke the internet, and taught us all a lesson we can’t ignore. As Christian Grobmeier, maintainer of Log4J puts it: "Learning is the only cure for ignorance. So just keep learning."
Oh, congrats Kara!
We're taking action to make the npm supply chain stronger and harder to attack. 🛡️
Check out our plan to create a more secure future for the JavaScript community.👇
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Recent account takeovers and attacks on package registries are a wake-up call: it's time to raise the bar on authentication and secure publishing practices. Find out what npm is doing—and what steps you can take—to help secure the open source supply chain: github.blog/security/sup...
Yay!
When we see your smile for 2001 vs. Twilight, we know what the final result will be 😂
Hey security people, if you’re in Las Vegas, say hi!
If you want to talk open source security, or GitHub security products, I’d be happy to chat!
Are you at Security BSides Las Vegas?
Our very own Madison Oliver is joining a panel on the evolving role of the CVE Program — from funding challenges to global coordination and new governance models.
ℹ️ pretalx.com/security-bsi...
🗓️ August 5 | ⏰ 13:00–13:45 PT
Anyone else going to #ossna and flight to Denver is delayed, without visibility?
Throw them a volleyball and see what happens. We need to know.
If you, a business, are reliant on an open source project to function it is YOUR responsibility to assess and ensure the health of that project by either contributing to it yourself or by using an alternative if project health cannot be guaranteed.
I am curious now … which one?
It’s free. It’s fun. It’s easy.
Learn about secure coding with the GitHub secure code game.
Depends. It would take me too long to arrive … I would make long pauses on the grass!
