So, how safe and secure do you think your user credentials are in online code repositories? Organizations around the world are repeatedly crippled by this issue. Netenrich’s ASI augments your SOC with always-on attack surface analysis and empowers it to watch for code repository exposures and prevent the leakage of business-critical information.
The actual scope of the problem
Researchers at North Carolina State University scanned billions of files on GitHub, the world’s largest online code repository, as part of an academic study. The researchers went through just 13% of GitHub’s public repositories, and this is what they found:
- Over 100,000 code repositories exposed authentication secrets, such as cryptographic keys and API tokens.
- A thousand more repositories leak unique information every single day.
To put the true scope of the issue in context: the researchers found that some of the exposing repositories belonged to large, prominent organizations. These included:
- A site used by millions of college applicants in the U.S.
- Secret information about a major government agency in a Western European country.
How does Netenrich counter code repository exposure?
Netenrich’s proprietary ASI continuously monitors these code repositories for mentions of our clients’ brands. The moment the system finds a match, our analysts examine it and determine whether the brand mention is associated with a leak of confidential information. Recently, our attack surface analysis discovered the API keys and related secrets of one of our clients on GitHub. Combining industry-leading machine and human intelligence lets us remediate critical issues with proper context.
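The workflow above (match a brand mention, then check whether the file also exposes secrets of the kinds the study describes, such as cryptographic keys and API tokens) can be illustrated with a small triage prefilter. The following is an added example and is not Netenrich’s ASI or any code from the study; the brand keyword `examplecorp`, the sample file and the credential values in it are all constructed for this illustration, and the detection patterns are deliberately simplified. The final decision on whether a hit is a real leak stays with an analyst, as the page describes; the code only ranks what is worth an analyst’s time.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample file, as it might sit in a public repository.
# None of these values are real credentials.
SAMPLE_FILE = """# config.py for ExampleCorp internal tooling
DATABASE_URL = "postgres://app:app@localhost/app"
AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
api_key = "x9Qm2Lp7Rt4Ws8Ez1Vb6Ny3Kd5Hg0Jf2"
password = 'changeme123'
-----BEGIN RSA PRIVATE KEY-----
MIIE...constructed-placeholder-body...
-----END RSA PRIVATE KEY-----
"""

# Simplified detectors: (kind, regex, group that holds the candidate value,
# whether a randomness check is needed before reporting it).
# Fixed-format tokens (AWS access key IDs start with "AKIA" + 16 chars; PEM
# private-key headers) are reported on pattern match alone; a generic
# "name = value" assignment is only reported when the value looks random.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0, False),
    ("private_key_block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), 0, False),
    ("assigned_secret",
     re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[=:]\s*"
                r"['\"]?([A-Za-z0-9/+_\-]{8,})['\"]?"), 1, True),
]


@dataclass
class Finding:
    line_no: int
    kind: str
    redacted_value: str  # never store or forward the full secret


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, words like 'changeme' low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def redact(value: str) -> str:
    """Keep just enough of the value for an analyst to locate it in the file."""
    if len(value) <= 6:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def find_brand_mentions(text: str, brand_keywords) -> list:
    """Case-insensitive brand match, the trigger for the rest of the review."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kw in brand_keywords:
            if kw.lower() in line.lower():
                hits.append((line_no, kw))
    return hits


def find_secrets(text: str, entropy_threshold: float = 3.5) -> list:
    """Run every detector over every line; drop low-entropy generic values."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, regex, group, check_entropy in PATTERNS:
            m = regex.search(line)
            if not m:
                continue
            value = m.group(group)
            if check_entropy and shannon_entropy(value) < entropy_threshold:
                continue  # e.g. password = 'changeme123' is not a credential leak
            findings.append(Finding(line_no, kind, redact(value)))
    return findings


def triage(text: str, brand_keywords) -> dict:
    """Brand mention + exposed secret => escalate to an analyst; brand mention
    alone is still queued for a human look, as the page's workflow requires."""
    brand_hits = find_brand_mentions(text, brand_keywords)
    findings = find_secrets(text) if brand_hits else []
    if brand_hits and findings:
        verdict = "escalate"
    elif brand_hits:
        verdict = "review"
    else:
        verdict = "ignore"
    return {"brand_mentioned": bool(brand_hits), "brand_hits": brand_hits,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_FILE, ("examplecorp",))  # hypothetical brand keyword
    print(result["verdict"])
    for f in result["findings"]:
        print(f"line {f.line_no}: {f.kind} -> {f.redacted_value}")
```

The entropy threshold of 3.5 bits per character is a starting point, not a standard; lower it and the prefilter reports more placeholder values, raise it and short real tokens slip through. Running the block prints `escalate` followed by three findings (the AWS-style key ID, the random `api_key` value and the private-key header), while the `password = 'changeme123'` line is filtered out as too predictable to be a leaked credential.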