GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
2021-06-05 10:01

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service.

Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network.

To that end, users must refrain from uploading, posting, hosting, or transmitting any content that could be used to deliver malicious executables or abuse GitHub as attack infrastructure, say, by organizing denial-of-service attacks or managing command-and-control servers.

The changes come into effect after the company, in late April, began soliciting feedback on its policy around security research, malware, and exploits on the platform with the goal of operating under a clearer set of terms that would remove the ambiguity surrounding "Actively harmful content" and "At-rest code" in support of security research.

Under the revised policy, GitHub will not take down exploits unless the repository or code in question is incorporated directly into an active campaign. The revision is also a direct result of the widespread criticism that followed the removal of a proof-of-concept exploit from the platform in March 2021.

GitHub at the time said it removed the PoC in accordance with its acceptable use policies, stating that it included code "for a recently disclosed vulnerability that is being actively exploited."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/F1rwzySI_X0/github-updates-policy-to-remove-exploit.html

Related vendor

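LAST 12M

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|------------|-----|--------|------|----------|-------------|
| Github | 12         | 3   | 42     | 30   | 15       | 90          |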