Responsible Disclosure Policy
There has been some confusion over today’s security vulnerability and our policy on responsible disclosure and account suspension that I’d like to clear up. Three days ago, user @homakov opened…
There has been some confusion over today’s security vulnerability and our policy on responsible disclosure and account suspension that I’d like to clear up.
Three days ago, user @homakov opened an issue on rails/rails about the prevalence of the mass-assignment vulnerability. Two days ago he responsibly disclosed a security vulnerability to us and we worked with him to fix it in a timely fashion. Today, he found and exploited the public key form update vulnerability without responsible disclosure. For this reason we temporarily suspended his account for violation of section A8 of the GitHub Terms of Service pending a full investigation into what happened. Now that we’ve had a chance to review his activity, and have determined that no malicious intent was present, @homakov’s account has been reinstated.
We haven’t been as clear as we should have been on how to responsibly disclose security problems, and for that I’m sorry. To prevent future confusion about security-related account suspension, and to make explicit our stance on responsible disclosure, we have added a section entitled Responsible Disclosure of Security Vulnerabilities to our Security policy.
By working together we can make the development community safe and productive for everyone. Thank you for your support, and to all those that have helped us keep GitHub safe and secure.
Written by
Related posts

GitHub Availability Report: August 2025
In August, we experienced three incidents that resulted in degraded performance across GitHub services.

Your guide to GitHub Universe 2025: The schedule just launched!
Create your own agenda of favorites, sign up for one-on-on mentoring sessions, and register if you haven’t already. We’ll see you there!

Explore the best of GitHub Universe: 9 spaces built to spark creativity, connection, and joy
See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.