GitHub Updates it’s Policies to Remove Malicious Code and Protect Users
- By Dawna M. Roberts
- Published: Jun 21, 2021
- Last Updated: Mar 18, 2022
Recently, GitHub made a change to its policies to prevent malicious hackers from exploiting code through updates or versioning. The series of policy updates are expressly aimed at dealing with malware-infected files.
What is GitHub?
GitHub is one of the most popular code hosting platforms online. Millions of developers use GitHub to develop, maintain, and distribute their software.
GitHub is a cloud-based repository used by huge companies and individual coders. Microsoft owns the company.
According to Kinsta.com, to understand GitHub, you must digest two main principles Version control and Git.
Versioning or version control refers to how developers create software and keep track of all the changes in each new version. That may include bug fixes, improvements, or other alterations. Versioning also allows users to download a specific version of the software that is compatible with their device. As each iteration changes, some supported platforms are dropped.
Git is an open-source version control system designed by Linus Torvalds in 2005. Kinsta.com explains “Specifically, Git is a distributed version control system, which means that the entire codebase and history is available on every developer’s computer, which allows for easy branching and merging.”
Almost 90% of all developers use Git for versioning.
GitHub.com is a for-profit website offering customers a place to store, version, and keep track of software while also collaborating with other developers. GitHub can also be used for managing other types of projects such as writing books, producing movies, and various creative undertakings.
GitHub offers individual developers a free account to host public code, which works great for open-source projects. They also sell private hosting to companies that require additional privacy and security features.
What Does This Change Mean?
According to their policy update,
“We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits. We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.”
In an update on its blog, GitHub warned that “We do not allow use of GitHub in direct support of unlawful attacks that cause technical harm, which we’ve further defined as overconsumption of resources, physical damage, downtime, denial of service, or data loss.”
The Hacker News clarifies, “To that end, users are refrained from uploading, posting, hosting, or transmitting any content that could be used to deliver malicious executables or abuse GitHub as an attack infrastructure, say, by organizing denial-of-service (DoS) attacks or managing command-and-control (C2) servers.”
GitHub added that
“Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring.”
When GitHub detects widespread abuse of dual-use content, they may either place it behind authentication barriers or restrict access. They intend to keep users and project owners appraised of any actions taken to protect downloads.
According to The Hacker News, the change comes after they “began soliciting feedback on its policy around security research, malware, and exploits on the platform with the goal of operating under a clearer set of terms that would remove the ambiguity surrounding “actively harmful content” and “at-rest code” in support of security research.”
Whatever it Takes to Thwart Hackers
Companies like GitHub are taking drastic measures across the board to stop the flood of malware and exploits occurring daily. Just this week, President Biden urges businesses and other entities to take a stronger stance against hackers and make preparation against ransomware attacks a primary focus.