Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates

GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes.


The community has been asked to provide feedback until June 1 on proposed clarifications regarding exploits and malware hosted on GitHub.


“Our policy updates focus on the difference between actively harmful content, which is not allowed on the platform, and at-rest code in support of security research, which is welcome and encouraged. These updates also focus on removing ambiguity in how we use terms like ‘exploit,’ ‘malware,’ and ‘delivery’ to promote clarity of both our expectations and intentions,” Mike Hanley, the CSO of GitHub, said in a blog post on Thursday.


He added, “These updates are aimed to set clear parameters for the security research community on how GitHub responds to abuse reports relating to malware and exploits on the platform, as well as provide transparency into how GitHub decides whether or not to place restrictions on projects.”


The proposed changes come after the Microsoft-owned code sharing service removed a proof-of-concept (PoC) exploit for the recently disclosed Microsoft Exchange vulnerabilities that have been exploited in many attacks. Some members of the cybersecurity industry were unhappy with the decision, alleging that it was likely only removed because it targeted Microsoft products and that similar exploits targeting software from other vendors have not been removed.


GitHub at the time said it removed the PoC in accordance with its acceptable ..
