GitHub to prohibit code that’s used in active attacks

The coding repository updates its policies to tighten up security in light of concerns it might be exploited

GitHub has introduced a series of updates to its policies to reduce the potential for hackers to abuse the platform, including blocking any code that's used in ongoing attacks.

Revisions to the open source platform's policies on security research, malware and exploits are intended to keep the platform open to security researchers while maintaining enough safeguards to ensure that GitHub isn't abused.

As part of the changes, GitHub has stressed that it explicitly allows dual-use security technologies and content related to security research, on the understanding that details of exploit mechanisms are published with positive intent. The platform will, however, take action against any projects that may cause harm to others.

"We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community," said GitHub's chief security officer, Mike Hanley. "We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.

"We do not allow use of GitHub in direct support of unlawful attacks that cause technical harm, which we've further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss."

The nature of open source means developers are generally free to upload their own code or projects and contribute to the work of others, with GitHub serving as a key platform for allowing that collaboration. 

Users are prohibited, however, from uploading or sharing any content through the platform that can be used to deliver malicious files, or from manipulating GitHub so that it serves as command-and-control (C&C) infrastructure.

Where there's widespread abuse of dual-use security content, GitHub's policies suggest that moderators will restrict access to that content in order to disrupt ongoing attacks or malware campaigns. In most instances, content will be placed behind an authentication barrier, but as a last resort, the platform may even disable access or fully remove projects. 

The site has also established an appeals process for repository owners who feel their content has been restricted unfairly. 

Because GitHub is an open platform, anchored in the open source ethos, many have raised concerns over the years that hackers and cybercrime gangs have taken advantage of these principles to expand their activities.

For example, Avast researchers identified several instances of hackers uploading cryptocurrency mining malware onto GitHub in 2018 by "forking" other people's legitimate projects, and adding malicious code to the repository.

Last year, meanwhile, several GitHub projects related to the NetBeans Java software were infected with malware known as Octopus Scanner, which carved backdoors and infected files with a payload.

GitHub's policy changes come several weeks after the platform announced it wanted to consult with developers over how best to tighten up the general security of the ecosystem while preserving the integrity of security research. 