Loose Bits Sink Gits: Unearthing Repository Secrets and Scanning Developer Trends (2024)

By Golam Kayas, Technical Research and Development Engineer, Comcast Cable; Justin Evans, Software Development Engineer, Comcast Cables; Jayati Dev, Privacy Engineer, Comcast Cables; Bahman Rashidi, Cybersecurity & Privacy Research Director, Comcast Cables; Vaibhav Garg, Executive Director, Cybersecurity Research & Public Policy, Comcast Cables

The rise in popularity of social programming and collaborative projects has driven widespread use of code-sharing platforms like GitHub and GitLab. Developers create online projects to collaborate with peers across the globe. These projects get forked, imported and shared widely, embedding themselves in many other codebases. With over 83 million active users in 2022, GitHub and other code-sharing platforms have been growing in popularity over the years [5]. With the availability of code comes the possibility of secrets and other vulnerabilities being accidentally shared. Passwords and credentials are critical components of online security, and their unauthorized disclosure can lead to devastating consequences [31]. A report published by Verizon in 2022 found that over 60% of all breaches were from stolen credentials [30]. Code-sharing platforms like GitHub, GitLab and Bitbucket, while used for personal projects, are also widely used in industry, making them a prime target for cybercriminals looking to exploit vulnerabilities in the software development process.
