"Massive GitHub Analysis Reveals 10 Million Secrets in 1 Billion Commits"

GitGuardian scanned 1.02 billion new GitHub commits in 2022, a 20 percent increase from 2021, and discovered 10 million instances of secrets, a 67 percent increase. There is a misconception that junior developers are mostly responsible for hard-coded secrets. In fact, any developer, regardless of expertise or seniority, is susceptible to this practice. Secrets are often hard-coded for convenience rather than because of a lack of understanding or skill. Senior developers, who may just be testing a database connection or endpoint, could be under pressure to quickly perform tasks in order to meet business objectives. Secrets serve as a secure binding factor that unites the many components of modern software supply chains, from code to the cloud. Due to their importance, they have become the most sought-after information for attackers. Yet a number of data breaches in 2022 demonstrated that secrets are inadequately protected. This article continues to discuss the discovery of exposed secrets on GitHub.

Help Net Security reports "Massive GitHub Analysis Reveals 10 Million Secrets in 1 Billion Commits"

 

Submitted by Anonymous on