It seems that GitHub's management is taking software security seriously. First there was the data archive in Svalbard, and
F5, Google, HackerOne, Intel, IOActive, JP Morgan, LinkedIn, Microsoft, Mozilla, NCC Group, Oracle, Trail of Bits, Uber and VMware are already participating in the initiative. Over the past two years they have helped identify and eliminate 105 vulnerabilities across a number of projects.
Other participants have been promised rewards of up to $3,000 for the vulnerabilities they identify. The GitHub interface already lets a maintainer request a CVE identifier for an issue and publish a report about it. A catalog of vulnerabilities has also been launched.
In addition, updated protection has been added to the platform to ensure that personal and confidential data, such as tokens and keys, do not end up in public repositories. The system reportedly scans automatically for the key formats of 20 services and cloud providers. If a match is detected, a request is sent to the service provider to confirm the problem and revoke the compromised keys.
Note that GitHub was previously acquired by Microsoft. It seems that Redmond has decided to take data security seriously.
Source: 3dnews.ru