
GitLab plans to ban hires in China and Russia due to espionage concerns


The popular code hosting platform GitLab is considering blocking new hires from China and Russia due to espionage concerns.

GitLab is a popular code hosting platform that is currently used by several major tech companies including IBM, Sony, NASA, Alibaba, Oracle, Invincea, Boeing, and SpaceX.

The news was confirmed by Eric Johnson, VP of Engineering at GitLab. Companies using GitLab fear that employees in China and Russia could operate under the control of their governments to steal their projects and to spy on their activities. The final decision on the “Support Engineer Job family country-of-residence block” will be announced on November 6.

“In e-group on Monday October 15, 2019 we took the decision to enable a “job family country-of-residence block” for team members who have access to customer data.” reads a discussion posted on the GitLab website. “This is at the expressed concern of several enterprise customers, and also what is becoming a common practice in our industry in the current geopolitical climate.

The countries involved are:

  • China
  • Russia”

GitLab aims to ban the hiring of Site Reliability Engineers and Support Engineers, because these two positions are tasked with providing tech support to GitLab’s enterprise customers.

In order to do their job, both Site Reliability Engineers and Support Engineers have full access to the customers’ data.

Johnson also pointed out that, in countries such as Russia and China, local intelligence services could coerce GitLab to pass them information on customers.

“We do not have a technical way, today, to handle this based on permissions. Doing so would also force us to confront the possibility of creating a “second class of citizens” on certain teams who cannot take part in 100% of their responsibilities, which is a dynamic some of us have experienced at other companies and found highly negative.” Johnson explained. “As such we feel a country block is the most humane solution at this time–especially because it affects zero current employees.”

ZDNet highlighted in a blog post a statement by GitLab CEO Sid Sijbrandij, who confirmed in a Hacker News post that the company currently does not employ any support staff from China or Russia; this means that the company will not fire people due to the ban.

If the ban is approved, support staff members would also not be allowed to move to China or Russia.

Pierluigi Paganini

(SecurityAffairs – GitLab, cyberespionage)