NSA Opens GitHub Account, Lists 32 Projects Developed By the Agency

An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.

Not the first

[blueg3]

FYI, they've had things on Github for a while. Just maybe not under the NSA name.

Re:Not the first

[TheRaven64]

If you want a much better conspiracy theory, consider that there's a whole category of exploit related to null pointer dereferences that was only made possible by SELinux. Either the NSA didn't think about it when they wrote that code, or they intentionally introduced something that made it possible to compromise the systems from a self-selected group of people who care about security.

Honeypot ...

[CaptainDork]

... just sayin'.

Re:Honeypot ...

[AHuxley]

More hearts and minds. They have to find new staff. In the past it was at the very best US/UK universities.
In the very distant past even draft and national service "tests" got used to find low level staff with useful math or language skills.
Now its all about social media, conventions and been online.
The other method is to set up long term educational efforts but other nations/cults/faiths tend to notice such public efforts and flood such courses with their own long term agents.
The mistakes of using new contractors or just trusting people from good universities have been understood over the decades.
So now its social media and the internet to find and attract skilled, loyal, hard working staff.
Vetting has to be perfect every generation hired or 1930's UK staff issues return. Other faiths, cults, nations will just game the out reach efforts with computer skills and needed languages.
East Germany would often place the most low level staff into West German gov/brands. Decades later it was expected that they could rise up to be middle or upper management.
Other nations have learned from the US need for skills, translators and have taken note of a lack of real vetting due to domestic political considerations.

Late to the party

[nickovs]

The British information security services, GCHQ, have been posting interesting and useful stuff to GitHub for a while. In fact if you want to do interesting analytics on graphs with annotations to both arcs and nodes they have released some pretty neat tools, and they're not just useful for finding terrorists on social networks.

Re:backdoors

[MangoCats]

Since it's on GitHub, presumably as source, but even some binaries could be analyzed... That would be quite the feather in a White Hat (or Black one for that matter), exposing the NSA backdoor in a supposedly secure module. Plenty of people out there with too much time on their hands and an interest in exposing things like that.