Internal data Mercedes-Benz was accessible due to public GitHub token
An authentication token for GitHub was accidentally shared publicly by an employee. With this token, the entire source code on Mercedes' GitHub Enterprise Server was viewable.
RedHunt Labs found the authentication token during a routine scan in January. CTO Shubham Mittal contacted TechCrunch to... Read more
“AI assistants put downward pressure on quality of programming code”
AI assistance in writing programming code does not always turn out to be positive. Based on research, overall code quality appears to have dropped since the introduction of GitHub Copilot a year ago.
The GitClear study looked at the quality of generated code one year after the introduction of t... Read more
Critical supply chain attack possible via PyTorch
Using self-hosted runners in PyTorch for GitHub operations leads to several vulnerabilities, security engineer John Stawinski IV discovered. This can lead to many malicious actions.
According to security engineer John Stawinski IV, Meta's popular open-source framework PyTorch uses so-called self... Read more
Any GitHub user can now apply for its Certifications program
GitHub has now made its own Certifications program generally accessible. Interested users can now apply for four certifications.
GitHub recently made its certifications program, previously available only to GitHub partners and employees, now generally accessible.
With these certifications, a... Read more
GitHub Copilot Chat makes AI programming assistance even more nimble
GitHub Copilot aims to help programmers do their jobs faster. It recently made Copilot Chat generally available, a "core part" of its own developer platform, according to GitHub.
With Copilot Chat, a programmer can interact with an AI assistant to translate code to another programming language, ... Read more
GitHub soon to make 2FA mandatory; quick activation desired
GitHub users should activate two-factor authentication (2FA) soon. In fact, as of Jan. 19, 2024, it will be mandatory. Otherwise, they will lose a lot of functionality, the developer platform reports.
That's according to emails to users. If they are not using 2FA by then, the functionality of th... Read more
Visual Studio 17.8 already available in Preview form
Microsoft has already released a preview of version 17.8. The timing is remarkable since Visual Studio 17.7 has only just become available. Again, this version has several new features.
Microsoft didn't waste any time and released the first preview for successor v17.8 just after the general rele... Read more
Hugging Face, GitHub, others fight to protect open-source in AI Act
A coalition of companies argues in a fire letter that open-source innovation should be protected in the new EU AI Act. By doing so, they want to ensure that any requirements do not hinder open-source AI development work.
The alliance of AI developers, including Hugging Face, GitHub, EleutherAI, ... Read more
GitHub moves to support passwordless authentication with passkeys
Developer platform GitHub now supports passwordless authentication in a public beta form. This allows users to update their security keys to use passkeys for login purposes.
Passkeys allow users to associate login information with hardware-based keys. These keys can be used with other authentica... Read more
GitHub Enterprise Cloud gets limit on audit log search queries
GitHub is instituting a limit on audit log search queries for Enterprise Cloud. Users can perform a maximum of 15 search queries per minute starting August 1. The aim is to relieve pressure on data stores.
Through the audit log API, Enterprise Cloud users can automatically pull in near real-time... Read more