e41b1e160f
* Update github-acceptable-use-policies.md * Update github-acceptable-use-policies.md * Update github-community-guidelines.md removes the restriction guidelines as they will change to stand-alone pages. * Create misinformation-and-disinformation.md * Rename misinformation-and-disinformation.md to github-misinformation-and-disinformation.md * Create github-sexually-obscene-content.md * Create github-hate-speech.md * Create github-threats-of-violence-and-gratuitously-violent-content.md * Create github-bullying-and-harassment.md * Create github-disrupting-the-experience-of-other-users.md * Create github-impersonation.md * Create github-doxxing-and-invasion-of-privacy.md * Update github-acceptable-use-policies.md * Update github-acceptable-use-policies.md * Create github-active-malware-or-exploits.md * Update github-community-guidelines.md * Update github-community-guidelines.md * Update github-threats-of-violence-and-gratuitously-violent-content.md * Update content/github/site-policy/github-acceptable-use-policies.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-acceptable-use-policies.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update github-bullying-and-harassment.md * Update github-bullying-and-harassment.md * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-threats-of-violence-and-gratuitously-violent-content.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * update name of Appeal and Reinstatement form * Update content/github/site-policy/github-impersonation.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-community-guidelines.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-community-guidelines.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-community-guidelines.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-community-guidelines.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-sexually-obscene-content.md * Update content/github/site-policy/github-doxxing-and-invasion-of-privacy.md * Update content/github/site-policy/github-doxxing-and-invasion-of-privacy.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-community-guidelines.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-acceptable-use-policies.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-acceptable-use-policies.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-bullying-and-harassment.md Co-authored-by: Matt Hartley <mbhartley@users.noreply.github.com> * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Update content/github/site-policy/github-hate-speech.md Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> * Rename github-hate-speech.md to github-hate-speech-and-discrimination.md * Update github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-misinformation-and-disinformation.md Co-authored-by: literarytea <literarytea@users.noreply.github.com> * fix typo * Update github-acceptable-use-policies.md (adding back a little nugget) * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-impersonation.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-community-guidelines.md * Update github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * add "interpret our policies" to User Protection clause h/t @literarytea @mbhartley @jessephus * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-sexually-obscene-content.md * Update github-community-guidelines.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-community-guidelines.md * Update github-active-malware-or-exploits.md * Update github-bullying-and-harassment.md * Update github-active-malware-or-exploits.md * Update github-active-malware-or-exploits.md * Update github-bullying-and-harassment.md * Update github-disrupting-the-experience-of-other-users.md * Update github-doxxing-and-invasion-of-privacy.md * Update github-hate-speech-and-discrimination.md * Update github-impersonation.md * Update github-misinformation-and-disinformation.md * Update github-sexually-obscene-content.md * Update github-threats-of-violence-and-gratuitously-violent-content.md * Update content/github/site-policy/github-community-guidelines.md * Update github-hate-speech-and-discrimination.md * Update github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * permanent suspension > termination * update link to support form * add period * Add new files to site policy index * Swap in relative links in community guidelines * Remove redirects from 2 new articles * Fix links for failing test * Update links for failing test * Remove extra ( breaking a link * Fix links for failing test * Actually fix links 😬 * Update content/github/site-policy/github-active-malware-or-exploits.md Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update content/github/site-policy/github-acceptable-use-policies.md * Update github-acceptable-use-policies.md * some changes for consistency * Update github-acceptable-use-policies.md * Update github-acceptable-use-policies.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-hate-speech-and-discrimination.md * Update content/github/site-policy/github-community-guidelines.md * Update content/github/site-policy/github-bullying-and-harassment.md * Update content/github/site-policy/github-bullying-and-harassment.md * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md * Update content/github/site-policy/github-disrupting-the-experience-of-other-users.md * Update github-disrupting-the-experience-of-other-users.md * Update github-hate-speech-and-discrimination.md * Update github-impersonation.md * Update github-impersonation.md switching this because it reads weird - meaning is to refer to personal information shared in a user profile. * Update github-disrupting-the-experience-of-other-users.md rewording/adding AUP link * Update github-bullying-and-harassment.md * Update github-impersonation.md add link * Update github-misinformation-and-disinformation.md adds link * Update github-sexually-obscene-content.md * Update github-sexually-obscene-content.md word change * Update github-threats-of-violence-and-gratuitously-violent-content.md rewording * Update github-sexually-obscene-content.md * Update github-community-forum-code-of-conduct.md I made initial changes, but I'm at a loss for what to do on the what is not allowed section. My thinking is to cut that section and replace it with a short blurb linking out to our acceptable use policies and leave the additional language that was specific to community forum. cc/ @vollmera if you have thoughts. * add unlawfully before shares to clarify that we don’t intend for this restriction to apply where a legal exemption, such as for the purpose of interoperability, may apply * help clarify that activities authorized under bug programs are not considered “unauthorized” * add comma for readability Co-authored-by: Abby Vollmer <vollmera@users.noreply.github.com> Co-authored-by: Matt Hartley <mbhartley@users.noreply.github.com> Co-authored-by: Jesse Geraci <6133249+jessephus@users.noreply.github.com> Co-authored-by: Ethan P <56270045+ethanpalm@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com>
2.9 KiB
title, versions, topics
| title | versions | topics | ||||
|---|---|---|---|---|---|---|
| GitHub Active Malware or Exploits |
|
|
Being part of a community includes not taking advantage of other members of the community. We do not allow anyone to use our platform in direct support of unlawful attacks that cause technical harms, such as using GitHub as a means to deliver malicious executables or as attack infrastructure, for example by organizing denial of service attacks or managing command and control servers. Technical harms means overconsumption of resources, physical damage, downtime, denial of service, or data loss, with no implicit or explicit dual-use purpose prior to the abuse occurring.
Note that GitHub allows dual-use content and supports the posting of content that is used for research into vulnerabilities, malware, or exploits, as the publication and distribution of such content has educational value and provides a net benefit to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem.
In rare cases of very widespread abuse of dual-use content, we may restrict access to that specific instance of the content to disrupt an ongoing unlawful attack or malware campaign that is leveraging the GitHub platform as an exploit or malware CDN. In most of these instances, restriction takes the form of putting the content behind authentication, but may, as an option of last resort, involve disabling access or full removal where this is not possible (e.g. when posted as a gist). We will also contact the project owners about restrictions put in place where possible.
Restrictions are temporary where feasible, and do not serve the purpose of purging or restricting any specific dual-use content, or copies of that content, from the platform in perpetuity. While we aim to make these rare cases of restriction a collaborative process with project owners, if you do feel your content was unduly restricted, we have an appeals process in place.
To facilitate a path to abuse resolution with project maintainers themselves, prior to escalation to GitHub abuse reports, we recommend, but do not require, that repository owners take the following steps when posting potentially harmful security research content:
-
Clearly identify and describe any potentially harmful content in a disclaimer in the project’s README.md file or source code comments.
-
Provide a preferred contact method for any 3rd party abuse inquiries through a SECURITY.md file in the repository (e.g. "Please create an issue on this repository for any questions or concerns"). Such a contact method allows 3rd parties to reach out to project maintainers directly and potentially resolve concerns without the need to file abuse reports.
GitHub considers the npm registry to be a platform used primarily for installation and run-time use of code, and not for research.