Secrets surge 67% to 10 million on GitHub as human error drives exposure
March 10, 2023 – Published on SC Magazine
Secrets in GitHub reached 10 million occurrences last year, an increase of 67% from 2021. The historical high poses a significant threat to the software supply chain.
Also noteworthy: one out of 10 code authors exposed a secret, and 5.5 commits out of 1,000 exposed at least one secret.
This type of attack is also harder to detect given that hard-coded secrets are valid credentials, Timothy De Block, application security engineering practice lead at GuidePoint Security, told SC Media. For example, Toyota revealed last year that a partial copy of its T-Connect source code had been exposed for five years without being noticed, affecting over 290,000 customers.
“[Hard-coded secrets] puts the software supply chain at risk by allowing attackers to move around the environment easily, while remaining undetected for an extended period of time,” Block said.