GitHub reveals cunning plan to identify malware and exploits hosted on platform

Security researchers will be able to host proof-of-concept code on GitHub

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

GitHub, arguably the most popular repository for hostingopen sourcesoftware, has updated its guidelines to prevent the use of the platform for hostingmalwareand exploits.

The process began in April when GitHub asked thecybersecuritycommunity for feedback on its new policy regarding the use of the platform in malicious campaigns.

Based on the feedback, GitHub has just announced the new terms, which gives it the power to act against repositories that assist malicious campaigns, and prohibits the use of the platform to assist such campaigns in any way.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

“We have clarified how and when we may disrupt ongoing attacks that are leveraging the GitHub platform as an exploit or malware content delivery network (CDN),” reads one the terms of GitHub’s new policy.

GitHub policy

The need to update the usage terms was highlighted when the platform removed a security researcher’s proof-of-concept (PoC) exploit for theProxyLogonvulnerability inMicrosoftExchangeemailservers.

Many alleged that Microsoft-owned GitHub took the step at the behest of their corporate owners. However, GitHub maintained that hosting PoCs for vulnerabilities currently being exploited in the wild was against its policies.

In the new policy, GitHub has now specifically said it will allow hosting of PoC with dual-use.Bleeping Computerdescribes dual-use as content that can be used positively by security researchers on one hand, and by threat actors for malicious purposes.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,” GitHub explained.

The company added that this change reins in the broad language used earlier and is worded specifically to show that the platform welcomes PoC code.

ViaBleeping Computer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This dangerous new malware is hitting Windows devices by hiding in games

Windows PCs targeted by new malware hitting a vulnerable driver

Steps to take when your phone number is publicly listed online