Are Code Repositories a Source of Risk?
This infographic presents the risks your company faces when using code repositories.Passwords and API key leaks lead to loss of data integrity, financial losses, and the risk that even more confidential information subsequently leaks. Learn more on how to mitigate these sources of risks below.
Learn more about our solution
Are code repositories a source of risk?
As a matter of fact, yes. Academics scanned Github to identify programmers who had published their passwords or API keys publicly, proving code repositories can be a major threat to your organization.
To do so, they analyzed over 2 billion files from 3 million code repositories between November 2017 and April 2018 (6 months).
There are 3 types of risks that result from these leaks, all of which can be harmful to your company:
- Monetary losses
- Loss of data integrity
How long does it take to mitigate this risk?
- 6% of all passwords and API keys are removed with an hour.
- 12% of all passwords and API keys are removed within a day (includes previous).
- 19% of all passwords and API keys are removed after 16 days (includes previous).
- 81% were never removed after 6 months.
Repository leaks: a case study
On October 17, 2019, a researcher found that a software developer for a large coffee chain had published the private keys that allowed malicious actors to connect to the user management service of the company. Using this information, malicious actors could have manipulated who would access to systems and information across all of the companies’ infrastructure. The information was published on Github and remained online for at least 4 days before the keys were revoked, potentially exposing corporate servers and the data at the 21,000 stores of the chain.
Flare System's solution for repository leaks
Specifically, our Firework product works to:
- Monitor in real-time all of the code published on code repositories.
- Use detection algorithms for known passwords and API keys patterns as well as customer-specified queries to identify leaks.
- Alert the customer in real-time by email of any leak so they can change the password, revoke the API keys.
Interested in learning more about Firework?