GitHub to prohibit code that’s used in active attacks

The coding repository updates its policies to tighten up security in light of concerns it might be exploited

GitHub has introduced a series of updates to its policies to reduce the potential for hackers to abuse the platform, including a ban on hosting code that is being used in ongoing attacks.

The revisions to the open source platform's policies on security research, malware and exploits are intended to keep GitHub open to security researchers while putting enough safeguards in place to ensure the platform itself isn't abused.

As part of the changes, GitHub has stressed that it explicitly allows dual-use security technologies and content related to security research, on the assumption that details of exploit mechanisms are published with positive intentions. The platform will, however, take action against any project that is being used to cause harm to others.

"We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community," said GitHub's chief security officer, Mike Hanley. "We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.

"We do not allow use of GitHub in direct support of unlawful attacks that cause technical harm, which we've further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss."

The nature of open source means developers are generally free to upload their own code or projects and contribute to the work of others, with GitHub serving as a key platform for allowing that collaboration. 

Users are prohibited, however, from uploading or sharing any content through the platform that can be used to deliver malicious files, or from manipulating GitHub so that it serves as command-and-control (C&C) infrastructure.

Where dual-use security content is being widely abused, GitHub's policies state that the platform may restrict access to that content in order to disrupt ongoing attacks or malware campaigns. In most instances, content will be placed behind an authentication barrier, but as a last resort GitHub may disable access to, or fully remove, the project.

The site has also established an appeals process for repository owners who feel their content has been restricted unfairly. 

Because GitHub is an open platform, anchored in the open source ethos, many have raised concerns through the years that hackers and cyber crime gangs have taken advantage of these principles to expand their activities. 


For example, Avast researchers identified several instances of hackers uploading cryptocurrency mining malware onto GitHub in 2018 by "forking" other people's legitimate projects, and adding malicious code to the repository.

Last year, meanwhile, several GitHub projects related to the NetBeans Java IDE were found to be infected with malware known as Octopus Scanner, which planted backdoors and infected project files with its payload.

GitHub's policy changes come several weeks after the platform announced it wanted to consult with developers over how best to tighten up the general security of the ecosystem while preserving the integrity of security research. 
