Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates
GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes.
The community has been asked to provide feedback by June 1 on the proposed clarifications regarding exploits and malware hosted on GitHub.
"Our policy updates focus on the difference between actively harmful content, which is not allowed on the platform, and at-rest code in support of security research, which is welcome and encouraged. These updates also focus on removing ambiguity in how we use terms like 'exploit,' 'malware,' and 'delivery' to promote clarity of both our expectations and intentions," Mike Hanley, the CSO of GitHub, said in a blog post on Thursday.
He added, "These updates are aimed to set clear parameters for the security research community on how GitHub responds to abuse reports relating to malware and exploits on the platform, as well as provide transparency into how GitHub decides whether or not to place restrictions on projects."
GitHub at the time said it removed the PoC in accordance with its acceptable use policies, and some experts pointed out that GitHub had in fact removed exploits targeting other vendors' products, suggesting that the Exchange exploit wasn't removed only because it was detrimental to Microsoft.
"Under no circumstances will users upload, post, host, execute, or transmit any content that: contains or installs malware or exploits that are in support of ongoing and active attacks that are causing harm," reads the updated policy proposed by GitHub.