Does the CISO of GitHub read her own GitHub issues alerting her of malware?

gnabgib · 2025-02-19T04:22:55 1739938975

You seem to have a bee in your bonnet about this, please stop submitting - this isn't a GH support forum:

If you work at GitHub security, you are bad at your job (12 points, 23 hours ago) https://news.ycombinator.com/item?id=43086058

GitHub flooded with malware repos spoofing real projects–no response from GitHub (13 points, 3 days ago) https://news.ycombinator.com/item?id=43056128

figassis · 2025-02-19T07:01:01 1739948461

It’s definitely served as a support forum for other companies, like Stripe. Maybe only for YC companies?

joshdotsmith · 2025-02-19T04:27:06 1739939226

Yes, a forum of people interested in software development might care that most new repositories created on the most popular website for sharing open source code will end up spoofed and sharing malware?

joshdotsmith · 2025-02-19T04:21:49 1739938909

As I wrote in this issue, I am exhausted. Microsoft has plenty of money to handle issues like this and chooses not to do so. I have spent hours now reaching out to GitHub in vain, tracking down people affected, and trying to figure out how to get someone to give one single flying fuck.

So what the hell. Let’s make the CISO’s slideshow intro to GitHub popular.

t_believ-er873 · 2025-02-19T13:41:18 1739972478

Unfortunately, bad actors abuse GitHub more and more. Only last year there were some articles about it: https://gitprotect.io/devops-threats-unwrapped.html