GitHub to prohibit code that’s used in active attacks

GitHub code on a dark background
(Image credit: Shutterstock)

GitHub has instigated a series of updates to its policies to reduce the potential for hackers to abuse the platform, which includes blocking any code that's used in ongoing attacks.

Revisions to the open source platform's policies on security research, malware and exploits are to ensure the platform remains open to security researchers while maintaining enough safeguards to ensure that GitHub isn't abused.

As part of the changes, GitHub has stressed it's explicitly allowing dual-use security technologies and content related to security research, in that details around exploit mechanisms are published with positive intentions. The platform will, however, take action against any projects that may lead to causing harm to others.

"We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community," said GitHub's chief security officer, Mike Hanley. "We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.

"We do not allow use of GitHub in direct support of unlawful attacks that cause technical harm, which we've further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss."

The nature of open source means developers are generally free to upload their own code or projects and contribute to the work of others, with GitHub serving as a key platform for allowing that collaboration.

Users are prohibited, however, from uploading or sharing any content through the platform which can be used to deliver malicious files, or from manipulating GitHub in such a way that it can serve as C&C infrastructure.

Where there's widespread abuse of dual-use security content, GitHub's policies suggest that moderators will restrict access to that content in order to disrupt ongoing attacks or malware campaigns. In most instances, content will be placed behind an authentication barrier, but as a last resort, the platform may even disable access or fully remove projects.

The site has also established an appeals process for repository owners who feel their content has been restricted unfairly.

Because GitHub is an open platform, anchored in the open source ethos, many have raised concerns through the years that hackers and cyber crime gangs have taken advantage of these principles to expand their activities.


A guide to enterprise detection and response providers

The 12 providers that matter most and how they stack up


For example, Avast researchers identified several instances of hackers uploading cryptocurrency mining malware onto GitHub in 2018 by "forking" other people's legitimate projects, and adding malicious code to the repository.

Last year, meanwhile, several GitHub projects related to the NetBeans Java software were infected with malware known as Octopus Scanner that carved backdoors and infected files with a payload.

GitHub's policy changes come several weeks after the platform announced it wanted to consult with developers over how best to tighten up the general security of the ecosystem while preserving the integrity of security research.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.