Mike Hanley

@_mph4

Chief Security Officer (previously CISO, VP Security, Sr. MTS.) and alum. Tweets are my own.

Joined August 2015

Tweets

  1. Retweeted
    Sep 8

    ⚠️ action recommended: following newly discovered vulnerabilities in `tar` and `@npmcli/arborist`, we recommend upgrading to the latest versions of 12 / 14 / 16 or npm 6 / 7 as well as updating any dependencies you may have on `tar`. read more:

  2. Retweeted
    Sep 1

    My colleague, , is hiring an eng leader for Dependabot — a critical part of the software supply chain with big product and engineering challenges. Awesome place to have real impact.

  3. Retweeted
    Sep 1

    We're improving the security of data in flight by dropping some older SSH ciphers and the unauthenticated git:// protocol. Timeline and details below. 👇

  4. Retweeted
    Aug 24

    Second up, we added an org-level API for secret scanning alerts on private repos. The data was already available at the repo-level, but with the org-level endpoint you don't have to page through all your repos.

  5. Retweeted
    Aug 24

    Two nice little ships for GitHub secret scanning today. First up, PlanetScale joined the public repo secret scanning program. If you accidentally leak a PlanetScale API key into a public repo they'll automatically revoke it. Definitely a good thing!

  6. Aug 24

    And by official, I mean yesterday was my 6 month anniversary. 😂 Love it here! ❤️

  7. Aug 23

    I think this makes us official

  8. Aug 19

    I am deeply passionate about strong / usable / accessible security capabilities and I'm excited to continue to work on problems like this at massive scale w/ the whole team. For more backstory on this change:

  9. Retweeted
    Aug 16

    As of August 13, we no longer accept password authentication for Git operations. gives a rundown of available 2FA options - including a GitHub-branded YubiKey!

  10. Retweeted
    Aug 13

    Password support for git authentication has been removed from GitHub. While it isn't the most flashy ship, it's the culmination of a lot of work. Some backstory over the last 3+ years leading up to this 🧵. tl;dr passwords are bad.

  11. Retweeted
    Aug 13

    TLDR - good account security is a lot of hard work. 👏 to all the folks that have been involved throughout this long journey.

  12. Retweeted
    Aug 12

    👋 A few things I wanted to convey as a small addendum to the “GitHub’s Engineering team has moved to Codespaces” blog yesterday. Hopefully what follows below provides a bit more context / answers some common questions I’ve seen...

  13. Retweeted
    Aug 11

    Wonder what would happen if you went on a repo and changed the URL from "" to ""? 🙊

  14. Retweeted
    Aug 11

    🤫 New shortcut: Press . on any GitHub repo.

  15. Retweeted
    Aug 11

    I helped lead the migration from local macOS dev to Codespaces and went from skeptic to believer along the way; cloud-based development is the future.

  16. Retweeted
    Aug 10

    Follow on another CodeQL adventure as he builds and iterates on top of prior community findings to find and fix additional vulnerabilities in NSA's Emissary software: "Don't shoot the emissary"

  17. Retweeted
    Aug 3

    A great opportunity to help secure the open source community

  18. Retweeted
    Aug 3

    I'm hiring engineers interested in application security. We're on a mission to make contributing to and consuming security advisories more accessible outside traditional appsec communities. DMs open if you have any questions!

  19. Retweeted
    Aug 2

    Three years ago, we all found out at we were being acquired by 🚀
