Pierluigi Paganini November 04, 2019

The popular code hosting platform GitLab is considering to block new hires from China and Russia due to espionage concerns.

GitLab is a popular code hosting platform GitLab that is currently used by several major tech companies including IBM, Sony, NASA, Alibaba, Oracle, Invincea, Boeing, and SpaceX.

The news was confirmed by Eric Johnson, VP of Engineering at GitLab, companies using GitLab fear that employees in China and Russia could operate under the control of their governments to steal their projects and to spy on their activities. The final decision on the “Support Engineer Job family country-of-residence block” will be announced on November 6.

“In e-group on Monday October 15, 2019 we took the decision to enable a “job family country-of-residence block” for team members who have access to customer data.” read a discussion posted on GitLab website. “This is at the expressed concern of several enterprise customers, and also what is becoming a common practice in our industry in the current geopolitical climate.

The countries involved are:

• China
• Russia”

GitLab aims at banning the hiring of Site Reliability Engineers and Support Engineers, because these the two professional positions are tasked of providing tech support to GitLab’s enterprise customers.

In order to do their job, both Site Reliability Engineers and Support Engineers have full access to the customers’ data.

Johnson also pointed out that local intelligence services could coerce GitLab in countries such as Russia and China to pass them the information on customers.

“We do not have a technical way, today, to handle this based on permissions. Doing so would also force us to confront the possibility of creating a “second class of citizens” on certain teams who cannot take part in 100% of their responsibilities, which is a dynamic some of us have experienced at other companies and found highly negative.” Johnson explained. “As such we feel a country block is the most humane solution at this time–especially because it affects zero current employees.”

ZDnet highlighted in a blog post the statement of GitLab CEO Sid Sijbrandij that confirmed in a HackerNews post, that the company currently does not employ any support staff from China or Russia, this means that the company will not fire people due to the ban.

If the ban will be approved, support staff members would also not be allowed to move to China or Russia.

Pierluigi Paganini

(SecurityAffairs – GitLab, cyberespionage)

[adrotate banner=”5″]

[adrotate banner=”13″]