Despite repeated warnings, developers continue to embed sensitive credentials such as keys, tokens, and passwords in their source code, leading to security breaches, as evidenced by Uber's 2015 incident and the thousands of secrets found in Python projects on PyPI. This widespread issue persists across various programming languages and repositories, with some exposed credentials still active and posing security risks. Secure alternatives for credential management do exist, such as environment files and secret management services provided by cloud platforms.
https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/
geeknik
npub1fk8…c5sk
2023-11-16 19:29:54
Author Public Key
npub1fk8rya2ra7lp8m60f8jrjg4yqfv2cc8dah8wqc49drccs3dqngzqtgc5skPublished at
2023-11-16 19:29:54Event JSON
{
"id": "2e4c267d10e183b7d0b2f9237bec9f2a36daf761c60e128f2852eaf8a2146797",
"pubkey": "4d8e327543efbe13ef4f49e43922a40258ac60ededcee062a568f18845a09a04",
"created_at": 1700159394,
"kind": 1,
"tags": [],
"content": "Despite repeated warnings, developers continue to embed sensitive credentials such as keys, tokens, and passwords in their source code, leading to security breaches, as evidenced by Uber's 2015 incident and the thousands of secrets found in Python projects on PyPI. This widespread issue persists across various programming languages and repositories, with some exposed credentials still active and posing security risks. Secure alternatives for credential management do exist, such as environment files and secret management services provided by cloud platforms.\n\nhttps://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/",
"sig": "209c1ed53d12432b4be8296c3cd3df5be5275a2fc572452d28e9d081e1e2dd0c22d70838ca42e7b7c9289eca8fda56ff4010de556ed1c109cd86655faad46cd7"
}