GitHub has joined an amicus brief in the legal case NSO v. WhatsApp, opposing the extension of foreign sovereign immunity to private cyber-surveillance companies that operate on behalf of foreign governments, alongside prominent tech companies like Cisco, Google, LinkedIn, Microsoft, VMware, and the Internet Association. The brief argues that granting immunity to private sector offensive actors (PSOAs) would increase systemic risks within the software ecosystem by encouraging the proliferation of cyber-surveillance tools and their use by governments in attacks on individuals and infrastructure. GitHub emphasizes its commitment to creating a secure global platform for developer collaboration and opposes the hoarding and sale of exploits and surveillance tools, which could potentially harm developers, open source projects, and the software supply chain. The company calls for government support in reducing systemic risks by adopting secure software development practices, funding open source security projects, and protecting legitimate security researchers. GitHub's stance is that immunity for companies that exploit vulnerabilities rather than collaborating to fix them would be detrimental to global cybersecurity efforts.