with support from
SHELLEY MCKINLEY is the Chief Legal Officer of GitHub
As modern warfare increasingly extends into the digital space, the global tech community has been playing an important role responding to, and building societal resilience against, hybrid threats. The Russian invasion of Ukraine has proved to be an inflection point for cyber operations, with developers on the digital front lines racing to strengthen defenses from cyberattacks. Home to more than 100 million developers, GitHub has had a front-row seat to these efforts.
Developers—even those in Ukraine directly affected by the war—have been using their skills not only to help with cyber defense and cybersecurity but also to supply the population with online tools. In the early days of the conflict, open-source developers vetted and aggregated information to build a heat map for tracking and avoiding war zones. Developers also built a centralized guide of border-crossing information that Ukrainians could reference to leave the country safely. As the Russian government’s ongoing misinformation campaigns have intensified throughout the conflict, these types of resources have become increasingly valuable for Ukrainians seeking reliable information to protect themselves. Meanwhile, 100,000 tech workers left Russia in 2022 following the invasion, resulting in a large decrease in developer activity from Russia and large increases in such countries as Armenia, Georgia, and Turkey.
For developers, cybersecurity is a global collaboration to prevent and fix vulnerabilities before they can be exploited by cyber criminals. Attacks by state actors, particularly during war, put the security of the software ecosystem to the test and raise the stakes. Ukraine has been successful in mitigating damage to its cyber infrastructure because collective action across a broad spectrum of partners—in both government and industry—has given it an advantage in monitoring for threats and quickly identifying and patching vulnerabilities.
Software development services like GitHub provide platforms for developers to collaborate on securing the software ecosystem, including both proprietary software and open-source software that is free for anyone to use, modify, and share. Developers can leverage features that identify and scan code for weaknesses, alert them to patches for vulnerabilities, and use artificial intelligence tools with vulnerability-prevention systems. Companies like GitHub are also working across the industry with the Open Source Security Foundation to secure the entire supply chain and enable security researchers while thwarting active attacks. But beyond industry efforts, it is also important for governments to protect and support developers’ security work, including by incentivizing vendors to take responsibility for the cybersecurity of their products.
The war in Ukraine has made it clearer than ever that the tech industry has a meaningful role to play in minimizing impacts of geopolitical conflict and supporting aid efforts. With more than 96 percent of the world’s source code containing free and open-source software, it is important to protect open-source collaboration and the free flow of information across the global developer community. One crucial component of this is keeping software development services like GitHub open and available to developers—no matter where they reside—while complying with sanctions. Providing these services in countries that restrict internet access is essential for communications and humanitarian work as well as freedom of expression. In an age of escalating cyber warfare, safeguarding the interconnected developer ecosystem is crucial to ensure the resilience, innovation, and collective defense needed to counter constantly evolving digital threats.
Shelley McKinley is a Vice President at Microsoft and the Chief Legal Officer of GitHub, where she leads a broad team responsible for legal, policy, platform trust and safety, social impact, and accessibility. Prior to her current role, she was the Vice President of Microsoft’s Technology and Corporate Responsibility organization, where she oversaw programs aimed at ensuring that technology is used to benefit society—including Microsoft’s efforts in sustainability, accessibility, justice reform, human rights, and responsible artificial intelligence. She has also led legal, corporate, and external affairs teams across Europe and worked on products in Microsoft’s gaming division, including Xbox and HoloLens.
David Agranovich
Detect, Disrupt, Deter: The Multistakeholder Threat-Disruption Model
The tech industry was first to push back as cyber mercenaries launched influence operations, malware development, and espionage, but governments are catching up.
David van Weel
A Proactive Approach to the Cyber Domain Strengthens NATO’s Deterrence and Defense Posture
Responding to the growing threat of hostile cyber operations requires a mindset shift toward greater civilian–military cooperation as well as more engagement with the private sector.
Stéphane Duguin
Tracing Cyberattacks in Times of Conflict: The Hard Path to Cyber Peace
Transparency and rigorous data collection are essential to credibly tracking cyber operations during the Russia–Ukraine war— as are being neutral and facilitating redress for all victims.