|
|
|
|
|
|
by philipwhiuk
8 days ago
|
|
|
* GitHub [which they own] failed to detect the account was compromised * GitHub [which they own] allowed the contribution to ignore CI * GitHub [which they own] failed to detect suspicious content on check-in * GitHub [which they own] isn't sufficiently integrated into Microsoft security that the compromised token wasn't rolled. |
|
|