all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Secrets Exposed: Why modern development, open source repositories spill secrets en masse

Add to bookmarks
Feb. 23, 2023, 4:52 p.m. | paul.roberts@reversinglabs.com (Paul Roberts)

ReversingLabs Blog blog.reversinglabs.com




For software development teams, the warning just after the New Year from DevOps platform vendor CircleCI to immediately rotate any secrets they had stored on the company’s continuous integration platform was worse than a nightmare. It was more like one of those horror films in which the police tell you that those creepy phone calls are coming from inside the house! 

circleci coming continuous continuous integration development devops exposed house integration new year open source phone phone calls platform police repositories secrets secrets security software software development software supply chain security teams the company threat detection & secrets vendor warning

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 1 day, 10 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 2 days, 6 hours ago | blog.reversinglabs.com
appsec & supply chain security businesses critical critical infrastructure +29
What’s hot at RSAC 2024: 7 must-see talks for security operations teams 3 days, 10 hours ago | blog.reversinglabs.com
conference filter flood francisco +21
NVD delays highlight vulnerability management woes: Put malware first 4 days, 10 hours ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16
CycloneDX upgraded for the evolving software supply chain security era 1 week, 2 days ago | blog.reversinglabs.com
ai development appsec & supply chain security bill bills +25
Where GenAI intersects with threat modeling: 3 key benefits for AppSec 1 week, 3 days ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +18
OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 1 week, 4 days ago | blog.reversinglabs.com
action ai security appsec & supply chain security artificial +15
XZ Trojan highlights software supply chain risk posed by 'sock puppets' 2 weeks, 2 days ago | blog.reversinglabs.com
appsec & supply chain security attacks compression compromise +28
The state of secrets security: 7 steps to better managing risk 2 weeks, 3 days ago | blog.reversinglabs.com
appsec & supply chain security complexity development epidemic +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada
View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location
View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US
View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com
View more jobs