GitHub's new policies allow removal of PoC exploits used in attacks

2021-06-05 16:56

Soon after uploading the exploit, Jang received an email from Microsoft-owned GitHub stating that PoC exploit was removed as it violated the Acceptable Use Policies.

GitHub faced immediate backlash from security researchers who felt that GitHub was policing the disclosure of legitimate security research simply because it was affecting a Microsoft product.

In April, GitHub issued a 'call for feedback' to the cybersecurity community regarding their policies for malware and exploits hosted on GitHub.

We have clarified how and when we may disrupt ongoing attacks that are leveraging the GitHub platform as an exploit or malware content delivery network.

We do not allow use of GitHub in direct support of unlawful attacks that cause technical harm, which we've further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss.

While dual-use content is allowed, the new GitHub guidelines around PoCs and malware states that they retain the right to remove dual-use content, such as exploits or malware, to disrupt active attacks or malware campaigns utilizing GitHub.

News URL

https://www.bleepingcomputer.com/news/security/githubs-new-policies-allow-removal-of-poc-exploits-used-in-attacks/

#attack #exploit #github #POC

News URL

Related news