@marypcbuk: I'd almost like to see a flag on a repo when the maintainer opts to only see a digest of their security vulns once a week; I kind of wish the joke about sending a warning every 15 minutes until they fix a known vuln was real (I know workflife balance but vulns!) #GitHubUniverse
@jjmerelo: RT @github: Introducing the Github Security Lab ✨
• Find vulnerabilities
• Build tools to secure open source codebases
• Connect to the work of developers and researchers around the world https://t.co/MDARALd1nQ
@dcuthbert: Mutter mutter something Microsoft will kill GitHub with this acquisition, something something angry nerds.
Microsoft are indeed killing it but now how many thought. More killing @github please, you are bug assassins
That was awesome. Just watched security researcher describe how he created exploit for Facebook TLS Fizz (C++) by 64K network packet that overflowed 16 bit int, causing infinite loop, crashing server.
@RealGeneKim: #Githubuniverse That was awesome. Just watched security researcher describe how he created exploit for Facebook TLS Fizz (C++) by 64K network packet that overflowed 16 bit int, causing infinite loop, crashing server.
@RealGeneKim: #GitHubUniverse For those interested in securing software supply chain, @stephenmagill and I will be presenting our one year research project findings studying the Maven Central and Java package ecosystem today at 3:20pm today, done in conjunction with @sonatype engineering team!
@matthewmccull: RT @github: Query your code to find and fix vulnerabilities with CodeQL.
@y_yagi: RT @github: With the GitHub Security Lab, we've teamed up with an initial group of security researchers, maintainers, and companies across the industry who share our belief that the security of open source is important for us all.
@oegerikus: Years in the making, now hitting the prime time at GitHub Universe: code as data! Cannot wait to see what you all will do with it - try it now.
@RealGeneKim: Congrats on all the amazing work, and the reach that GitHub will enable!
(Was talking with @stephenmagill about your work!)
That Facebook TLS server use scenario was awesome!!!
@mndoci: And now we know. @clare_liguori is on stage at #GitHubUniverse right now talking about how you can use Github Actions with Amazon ECS and AWS Fargate https://t.co/Am6aLhgQCW
@PWNetrationguru: RT @iMeluny: When Uber’s security team tested the efficacy of CodeQL we found, on average, 3 true variants for each vulnerability found via manual review. So, we rolled it out broadly to help scale automated code reviews across our codebase. - @PWNetrationguru#GitHubUniversehttps://t.co/4bAeCELfa4
@greybaker: CodeQL is going to change security scanning forever. We’re making it free for use on open source and building a community to secure the software we all depend on.
@GHSecurityLab: Hey #GitHubUniverse! We are running a Capture The Flag with CodeQL at the Connect Space area. Let's find some scary bugs in Bootstrap or in Das U-Boot together. Security newbies are welcome, we provide training wheels!
@stevewinton: 📦 🚀 and here’s a live example... continuous delivery of a Jekyll-powered blog to Amazon ECS using #GitHubActions