Yes, a forum of people interested in software development might care that most new repositories created on the most popular website for sharing open source code will end up spoofed and sharing malware?
As I wrote in this issue, I am exhausted. Microsoft has plenty of money to handle issues like this and chooses not to do so. I have spent hours now reaching out to GitHub in vain, tracking down people affected, and trying to figure out how to get someone to give one single flying fuck.
So what the hell. Let’s make the CISO’s slideshow intro to GitHub popular.
Thanks, I just find it wild that Microsoft appears wholly uninterested in policing what seems like a huge legal liability to their business. I’ll start reaching out to as many journalists as I can with what I’ve got. They seem a little overwhelmed from the two I’ve already reached out to.
Edited to add: I’ve also been hoping that I could avoid giving the attackers too much of a heads up, but at this point the risk is higher that nothing gets done about it at all.
I'm also curious about this. We were accepted into Stripe Atlas but too late – we ended up forming our company while on the waiting list and couldn't partake.
