How do you secure Github today?

Recently had an engineer on the team make a repo Public on accident that got reported into our bug bounty program (thank goodness cause we we would have never known otherwise).

We can remove the option for anyone to do this it seems but it led me to the question and others like it. Like how do you monitor for repo's going public? How do you know if someone adds a new outside collaborator they shouldn't have? Or forget to remove people when they leave?

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s