GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.
To give some background behind the new policy changes, security researcher Nguyen Jang uploaded a proof-of-concept exploit (PoC) to GitHub in March for the Microsoft Exchange ProxyLogon vulnerability.
Soon after uploading the exploit, Jang received an email from Microsoft-owned GitHub stating that PoC exploit was removed as it violated the Acceptable Use Policies.
In a statement to BleepingComputer, GitHub said they took down the PoC to protect Microsoft Exchange servers that were being heavily exploited at the time using the vulnerability.
"We understand that the publication and distribution of proof of concept exploit code has educational and research value to the security community, and our goal is to balance that benefit with keeping the broader ecosystem safe. In accordance with our Acceptable Use Policies, GitHub disabled the gist following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited." - GitHub.
However, GitHub faced immediate backlash from security researchers who felt that GitHub was policing the disclosure of legitimate security research simply because it was affecting a Microsoft product.
GitHub releases updated guidelines
In April, GitHub issued a 'call for feedback' to the cybersecurity community regarding their policies for malware and exploits hosted on GitHub.
After a month of input, GitHub officially announced yesterday that repositories created to hos ..
Support the originator by clicking the read the rest link below.
