In the news, Github plans to roll out code signing, which will help strengthen the security of open-source projects.

Signing the code is a great move to close a gap an attacker could otherwise use to abuse the open source ecosystem. This follows other steps that GitHub has taken in recent months, such as requiring two-factor authentication from popular packages, vetting the link to the GitHub user, and more.

We know that attackers will continue to explore the weakest link in the chain, and it’s vitally important to raise the bar and respond to their attacks as quickly as possible.