GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over, GitHub (GH) is now stepping up their policies for server configuration and standardizing metrics for use by developers on GH. With everything from indexing methodologies to configuration policies, GH has started a campaign that is aimed at gathering policy proposals from the developer community, in order to get a more diverse view of the situation and a wider range of potential solutions. A couple examples of proposed policies already are from GitHub developers TC39 and WebAssembly, covering a proposed indexing method and content security policies, respectively.


TC39’s proposal covers a relative indexing method that is being requested to be added to JavaScript, which would enable the user to access the index of an array using negative indexing syntax. This method does not exist in JavaScript, as it doesn’t allow the user to count from the back of an array. This method does exist in Python, but since Python is not built for the web, the only methods for web-based developing are hacked together and insecure. The policy proposal by WebAssembly is a sandbox-type security model, that enables modules that were developed in GitHub to have limited interaction with the host, compensating for security issues such as the manipulation of return addresses or other stack data from the host.

GitHub’s encouragement of policy creation by its developers isn’t something that resulted directly from this Twitch leak – however, it has most certainly had an influence on their search for, response to, and implementation of developer policies in the future. Had some of these policies and methodologies been implemented before the leak, chances are, the configuration issue that resulted in a third-party gaining access would have been closed off, and millions of lives and livelihoods would not have been destroyed. Despite the basis for this attack, which, according to 4chan, is because Twitch is a ‘toxic cesspool’ (which I will not disagree with), it still disrupted the daily routines and income of many. Building a wider base of policy proposals (which you can contribute to here) and new approaches to online functions, we can only hope that GH and other source-hosting services can prevent such disasters in the future.


GitHub. (2021). Setting policies for organizations in your enterprise account. Retrieved from 

GitHub. (2021). GitHub policy · GitHub. Retrieved from 

GitHub. (2021, August 9). Defining Standardized GitHub Metrics for International Development, Public Policy and Economics Research and Indexes. Retrieved from 

GitHub. (n.d.). ECMA TC39. Retrieved from 

GitHub. (n.d.). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from 

GitHub. (n.d.). WebAssembly. Retrieved from 

Hamilton, I. A. (2021, October 7). Twitch gave a brief explanation for the giant leak that exposed creator payouts, source code, and more. Retrieved from 

Kumar, M. (2021, September 20). Request for proposals: Defining standardized GitHub metrics. Retrieved from 

Shape_Grifter. (2021, October 6). Twitch hacked, entirety leaked on 4Chan. Retrieved from,%E2%80%9Ctoxic%20cesspool.%E2%80%9D,-Which%20is%2C%20admittedly 

TC39. (2021, August 3). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from 

W3schools. (n.d.). Python string negative indexing. Retrieved from 

Posted on Oct 25, 2021 5:20:17 PM by Micah Turpin in Cyber Security, in UAT News

Micah Turpin

Written by Micah Turpin

Micah Turpin is from Jacksonville, Florida, and is currently a Network Security and Artificial Intelligence major at the University of Advancing Technology. While getting a bit of a late start in the tech world, he has jumped head-first into the alternate universe that exists in the cyber realm, with one of his favorite pastimes being sifting through large amounts of data to find threats, dangers, and relevant cyber news. You can find Micah working on a hobby project in the Maker’s Lab, playing chess, or Nerfing with his fellow classmates on Friday night!


Email me when there is a new post.

I'd like more information about UAT

Lists by Topic

see all

Recent Posts

Posts by Topic

see all

Posts by Author

see all