Last week, the software giant called for "feedback on our policy around security research, malware, and exploits on the platform so that the security community can collaborate on GitHub under a clearer set of terms. We want to be more clear about our expectations for keeping GitHub, and the various package registries that call GitHub home, a safe community".
Until it was bought by Microsoft, and even after that, GitHub has always been a place where researchers sometimes store code that is used in exploits. But given that Microsoft software, especially Windows, is the most exploited in the world, such acts often pose danger to the owner itself.
A month or so ago, Microsoft removed a proof-of-concept exploit which could be used to take advantage of a vulnerability in its Exchange Server product known as the ProxyLogOn vulnerability. But not long after, the same PoC code was posted back to GitHub by people other than the original poster.
But then this was always going to happen. Anyone who thought that Microsoft would allow the use of one of its own properties to host vulnerabilities that could attack its own software was probably smoking some very strong stuff.
There have been other instances of this kind of censorship. In November last year, the source code for the youtube-dl script, which can be used to download YouTube videos from the command-line, was taken down by GitHub after a complaint from the Recording Industry Association of America, a group of which Microsoft is a member.
Back in June last year, a researcher released exploit code for taking advantage of a vulnerability in Microsoft's implementation of the server message block protocol in Windows, a flaw that was described as SMBGhost at the time it became known.
It's not like researchers have not anticipated that there would be a clash of interests with the new owner. Soon after the purchase of GitHub, 97 open-source developers threatened to move their projects away unless Microsoft ended its contract with the US Immigration and Customs Enforcement.
In 2019, there were protests over this contract at the annual GitHub conference, with a number of employees resigning.
But in the end, only profits matter to Microsoft. And the sole question was how long it would take before it tried to shore up its own turf. That time has now come. Users had best vote with their own feet.