Secrets in code make passwords vulnerable to hackers

Code in an organization's software supply chain contains secrets, including personally identifiable information (PII), passwords and other sensitive enterprise data.

Whether stored in a public or private code repository, hackers can target enterprise secrets and find PII and other organizational secrets. One of the most common risks and the source of some high-profile cloud-native application cyberattacks is the use of secrets in code across the software supply chain.

Exposed secrets found in public and private repositories

The “Secrets Insights Across the Software Supply Chain'' report from Apiiro analyzed over 25,000 repositories ranging from small to large organizations to discover the state of secrets in today's code.

The report found that 50% of all secrets in private repositories are exposed secrets that are immediately accessible once an attacker has gained access to a network.

Out of all secrets detected by the report, 38% are in repositories with PII. What's more, 42% of all exposed secrets are plain text passwords.

The mean time to remediation (MTTR) once these vulnerabilities are discovered is 90 days, indicating secrets are lurking in the source code repositories for months before removal and are leaving potentially sensitive data exposed.

For more report insights, click here.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.