Joseph Katsioloudes

How GitHub secures open source

What if you could ask AI, "how are you gonna hack my project?" Learn how GitHub is making every developer a security expert.

How GitHub secures open source
#1about 4 minutes

The scale and challenge of securing open source

Open source software underpins trillions of dollars in value but often relies on under-resourced maintainers, creating significant security risks.

#2about 2 minutes

Automating vulnerability detection with code scanning

Static application security testing (SAST) tools like GitHub code scanning can automatically find about 50% of vulnerabilities before production.

#3about 3 minutes

Using AI to automatically fix security vulnerabilities

The primary challenge in security is fixing, not detection, and AI-powered tools can automatically generate code fixes within pull requests.

#4about 2 minutes

Preventing leaked secrets and managing dependencies

Leaked credentials are a top cause of breaches, so secret scanning prevents them from being committed, while Dependabot automates dependency updates.

#5about 2 minutes

Reclaiming developer time with AI-powered tooling

Developers spend nearly a third of their time finding and fixing security issues, but AI tooling can free them up for more proactive security reviews.

#6about 2 minutes

Getting security guidance with AI assistants

AI assistants can analyze open source projects to assess their security posture and help determine if they align with your risk appetite.

#7about 5 minutes

Hands-on security training for developers

Interactive, browser-based training like the Secure Code Game helps developers practice fixing real-world vulnerabilities from the OWASP Top 10 and AI security.

#8about 1 minute

Funding and mentorship for open source projects

A dedicated fund provides open source projects with $10,000 annually, plus three weeks of security training and mentorship from experts.

#9about 4 minutes

Leveraging AI for code fixing versus detection

While expert tools are better for vulnerability detection, AI excels at fixing code and can use an agent mode to automate the entire fix-and-test cycle.

#10about 2 minutes

Summary of how GitHub secures open source

GitHub secures open source through a combination of high-quality research, AI, improved developer experience, community collaboration, and education.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

How Codespaces improves open source and security
20:11 MIN

How Codespaces improves open source and security

How we will build the software of tomorrow

Using open source tools to secure the entire SDLC
04:17 MIN

Using open source tools to secure the entire SDLC

Open Source Secure Software Supply Chain in action

Addressing security and connectivity for remote employees
22:21 MIN

Addressing security and connectivity for remote employees

Coffee With Developers - Kyle Daigle, COO of GitHub

Sourcing security challenges and embracing open source contributions
07:36 MIN

Sourcing security challenges and embracing open source contributions

Security Blindspots and How to Learn About Them - Anna Oliveira

Avoiding common security mistakes and giving better feedback
55:17 MIN

Avoiding common security mistakes and giving better feedback

The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks

Q&A on vulnerable libraries and team security responsibility
25:56 MIN

Q&A on vulnerable libraries and team security responsibility

Security Pitfalls for Software Engineers

How GitHub evolved from a Git wrapper to a social platform
00:19 MIN

How GitHub evolved from a Git wrapper to a social platform

Coffee With Developers - Kyle Daigle, COO of GitHub

Hardening the CI/CD pipeline with automated security tools
11:13 MIN

Hardening the CI/CD pipeline with automated security tools

You can’t hack what you can’t see

Featured Partners

Related Videos

See all videos
Real-World Security for Busy Developers29:50

Real-World Security for Busy Developers

Kevin Lewis

Simple Steps to Kill DevSec without Giving Up on Security21:53

Simple Steps to Kill DevSec without Giving Up on Security

Isaac Evans

Supply Chain Security and the Real World: Lessons From Incidents24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

The Road to One Billion Developers26:52

The Road to One Billion Developers

Thomas Dohmke & Demetris Cheatham

The transformative impact of GenAI for software development and its implications for cybersecurity25:19

The transformative impact of GenAI for software development and its implications for cybersecurity

Chris Wysopal

How we will build the software of tomorrow35:31

How we will build the software of tomorrow

Thomas Dohmke

Open Source Secure Software Supply Chain in action32:55

Open Source Secure Software Supply Chain in action

Natale Vinto

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together23:34

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Stefania Chaplin

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 151: SEO in an AI world, security fixes and Doomed PDFs
Inside last week’s Dev Digest 151 . 🔎 How ChatGPT compares to search and what that means for SEO ✂️ Job cuts across the board as companies curb DEI programs 🟨 @Microsoft releases 161 Windows security updates ⚠️ @Google’s OAuth bug endangers million...
Dev Digest 151: SEO in an AI world, security fixes and Doomed PDFs
DC
Daniel Cranney
Dev Digest 190: GitHub A11Y action, >12s Sora 2 videos and 42 CSS units!
Inside last week’s Dev Digest 190 . 🙅 Developers don’t trust AI, and that’s a good thing 🤖 Why everyone is talking about AI agents 🔓 Autonomous AI hacking and the future of cyber security 😨 Windows 10 support ends, millions of PC’s fall off a securi...
Dev Digest 190: GitHub A11Y action, >12s Sora 2 videos and 42 CSS units!

From learning to earning

Jobs that call for the skills explored in this talk.