October 15, 2016

GitLab reinstates list of servers that have malware


Willem de Groot published a list of web stores that contain malware. He first hosted this list on GitHub, but it was deleted. Then he hosted it on GitLab, where it was also deleted. The reason we gave him for the deletion was "GitLab views the exposure of the vulnerable systems as egregious and will not abide it." Willem wrote about his experience in a blog post.

At GitLab we strongly believe in responsible disclosure; for examples of this, see our policy or HackerOne's guidelines. So publishing a list of servers that are vulnerable or hacked without contacting the owner first and giving them time to remedy the situation is not OK.

But in this case the victim of the vulnerability is not only the owner but also the users of the web store. The owners of web stores have a responsibility to their users. And it is in the users' interest to have the list published so owners fix their stores. We currently think that the interest of the user weighs heavier. Therefore we reinstated the snippet.

Willem just tweeted about my phone call to him to apologise. Thanks for that!

We applaud Willem's effort to protect users from malware. We'll keep listening and will do our part to make the internet a more secure place for everyone.
