In a move to help strengthen the open source third party supply chain, GitHub will be mandating all users who contribute code on the platform to enable two factor authentication by the end of 2023. This helps increase the security of the accounts by requiring an additional one-time code during the login process. Account takeovers has been a common supply chain attack method used by malicious actors to inject nefarious code into applications which depend on those open source library. GitHub had imposed the 2FA requirements for active developers of high impact projects earlier in the year. They are now extending this to cover their entire user base. This approach, being secure by default, is going to help make the platform a much safer space and provide users with more confidence in the code that they download.
This segment was created for the It’s 5:05 podcast