is:open label:param:dummy updated:>2015-12-28

[usernamealreadyis]

Don’t attempt to gain access to another user’s account or data.

Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.

Don’t publicly disclose a bug before it has been fixed.

Only test for vulnerabilities on sites you know to be operated by GitHub and listed under Open bounties. Some sites hosted on subdomains of GitHub.com are operated by third parties, e.g. shop.github.com, and should not be tested.

Do not impact other users with your testing, this includes testing for vulnerabilities in repositories you do not own. We may suspend your GitHub account and ban your IP address if you do so.

Don’t use scanners or automated tools to find vulnerabilities. They’re noisy and we may suspend your GitHub account and ban your IP address.

Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

When in doubt