Code-hosting platform GitHub Friday officially announced a series of updates to the site’s policies that delve into how the company deals with malware and exploit code uploaded to its service.
“We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits,” the Microsoft-owned company said. “We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.”
Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network (CDN).
To that end, users are refrained from uploading, posting, hosting, or transmitting any content that could be used to deliver malicious executables or abuse GitHub as an attack infrastructure, say, by organizing denial-of-service (DoS) attacks or managing command-and-control (C2) servers.
“Technical harms means…