GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, distributed as a 125GB data torrent over 4chan.org, GitHub (GH) is stepping up its policies for server configuration and standardizing the metrics available to developers on GH. Covering everything from indexing methodologies to configuration policies, GH has started a campaign to gather policy proposals from the developer community, in order to get a more diverse view of the situation and a wider range of potential solutions. Two examples of policies already proposed come from GitHub developers TC39 and WebAssembly, covering a proposed indexing method and content security policies, respectively.


TC39’s proposal covers a relative indexing method requested for addition to JavaScript, which would let the user access an element of an array using negative indexing syntax. No such method exists in JavaScript today, which does not allow the user to count from the back of an array. The method does exist in Python, but since Python is not built for the web, the only methods available to web developers are hacked together and insecure. The policy proposal by WebAssembly is a sandbox-type security model that allows modules developed in GitHub only limited interaction with the host, compensating for security issues such as the manipulation of return addresses or other stack data belonging to the host.
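To make the “limited interaction with the host” concrete, here is an added example (not code from the post, TC39 or the WebAssembly project): two hand-assembled WebAssembly modules, constructed for this example, are instantiated from JavaScript, and the host can inspect exactly what each module asks for before running it and decide what, if anything, to hand over.

```javascript
// Module A: exports add(i32, i32) -> i32 and declares no imports at all.
// Bytes are a hand-assembled minimal module, constructed for this example.
const ADD_MODULE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic "\0asm" + version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,       // type 0: (i32, i32) -> i32
  0x03, 0x02, 0x01, 0x00,                                     // one function, type 0
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00,       // export "add" = func 0
  0x0a, 0x09, 0x01, 0x07, 0x00, 0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b, // local.get 0, local.get 1, i32.add
]);

// Module B: imports env.log(i32) and exports run(), which calls log(42).
const LOG_MODULE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x08, 0x02, 0x60, 0x01, 0x7f, 0x00, 0x60, 0x00, 0x00, // types: (i32)->(), ()->()
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76, 0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00, // import env.log : type 0
  0x03, 0x02, 0x01, 0x01,                                     // one function, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1 (func 0 is the import)
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x41, 0x2a, 0x10, 0x00, 0x0b, // i32.const 42, call 0
]);

// Enumerate what a module needs from the host, and what it exposes, before running any of it.
function describeModule(bytes) {
  const mod = new WebAssembly.Module(bytes);
  return {
    imports: WebAssembly.Module.imports(mod).map(i => `${i.module}.${i.name}:${i.kind}`),
    exports: WebAssembly.Module.exports(mod).map(e => `${e.name}:${e.kind}`),
  };
}

// Module A gets an empty import object: it can compute, but it has no way to reach the host.
function runAdd(a, b) {
  const inst = new WebAssembly.Instance(new WebAssembly.Module(ADD_MODULE), {});
  return inst.exports.add(a, b);
}

// Module B gets exactly one host function, chosen by the host; it cannot call anything else.
// Returns the values the module passed across the boundary.
function runWithHost() {
  const seen = [];
  const inst = new WebAssembly.Instance(new WebAssembly.Module(LOG_MODULE), {
    env: { log: (v) => seen.push(v) },
  });
  inst.exports.run();
  return seen;
}

// If the host declines to provide env.log, module B cannot be instantiated at all.
function runWithoutHost() {
  try {
    new WebAssembly.Instance(new WebAssembly.Module(LOG_MODULE), { env: {} });
    return null;
  } catch (e) {
    return e.constructor.name; // "LinkError": the missing import is refused before any code runs
  }
}
```

The same import list that `describeModule` returns is what a host should review (and pin) when deciding which capabilities a third-party module is allowed; anything not in the import object simply does not exist from the module’s point of view.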

GitHub’s encouragement of policy creation by its developers did not result directly from the Twitch leak; however, the leak has most certainly influenced how GH searches for, responds to, and implements developer policies going forward. Had some of these policies and methodologies been in place before the leak, chances are the configuration issue that allowed a third party to gain access would have been closed off, and millions of lives and livelihoods would not have been destroyed. Whatever the basis for this attack, which, according to 4chan, is that Twitch is a ‘toxic cesspool’ (which I will not disagree with), it still disrupted the daily routines and income of many. By building a wider base of policy proposals (which you can contribute to here) and new approaches to online functions, we can only hope that GH and other source-hosting services can prevent such disasters in the future.



Posted on Oct 25, 2021 5:20:17 PM by Micah Turpin in Cyber Security, in UAT News

Written by Micah Turpin

Micah Turpin is from Jacksonville, Florida, and is currently a Network Security and Artificial Intelligence major at the University of Advancing Technology. While getting a bit of a late start in the tech world, he has jumped head-first into the alternate universe that exists in the cyber realm, with one of his favorite pastimes being sifting through large amounts of data to find threats, dangers, and relevant cyber news. You can find Micah working on a hobby project in the Maker’s Lab, playing chess, or Nerfing with his fellow classmates on Friday night!
