Paper - Loose Bits Sink Gits: Unearthing Repository Secrets and Scanning Developer Trends

Loose Bits Sink Gits: Unearthing Repository Secrets and Scanning Developer Trends (2024)

By Golam Kayas Technical Research and Development Engineer Comcast Cable Justin Evans Software Development Engineer Comcast Cables Jayati Dev Privacy Engineer Comcast Cables Bahman Rashidi Cybersecurity & Privacy Research Director Comcast Cables Vaibhav Garg Executive Director, Cybersecurity Research & Public Policy Comcast Cables

The rise in popularity of social programming and collaborative projects proliferates the use of code sharing platforms like GitHub and Gitlab. Developers create online projects to collaborate with peers across the globe. These projects get forked, imported and shared all around, ingraining themselves into many other codebases. With over 83 million active users in 2022, GitHub and other code sharing platforms’ popularity have been rising over the years [5]. With the availability of code comes the possibility of secrets and other vulnerabilities being accidentally shared. Passwords and credentials are critical components of online security, and their unauthorized disclosure can lead to devastating consequences [31]. In a report published by Verizon in 2022 it was found that over 60% of all breaches were from stolen credentials [30]. Code-sharing platforms like GitHub, Gitlab and Bitbucket, while used for personal projects are also widely used in industry, making them a prime target for cybercriminals looking to exploit vulnerabilities in the software development process.

Download Paper

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Comcast’s 4G/5G Cloud-Enabled Citizens Broadband Radio Service (CBRS)-Based Private Network Solution By Robert Jaksa Principal Engineer Comcast Scott Cohen Executive Director Comcast Samian Kaur Executive Director Comcast	2024
Key Learnings from Comcast’s Use of Open Source Software in the Access Network By Louis Donofrio & Qin Zang, Comcast Cable; Vignesh Ramamurthy, Infosys Consulting	2020
Photon Avatars in the Comcast Cosmos: An End-to-End View of Comcast Core, Metro and Access Networks By Venk Mutalik, Steve Ruppa, Fred Bartholf, Bob Gaydos, Steve Surdam, Amarildo Vieira, Dan Rice; Comcast	2022
Comcast Underground: Innovative Fiber Deployments Over Existing Underground Critical Infrastructure By Venk Mutalik, Pat Wike, Doug Combs, Alan Gardiner, Dan Rice; Comcast	2022
xGitGuard: ML-based Secret Scanner for GitHub By Bahman Rashidi, Comcast Cable	2021
Two Years Of Deploying ITV/EBIF Applications – Comcast’s Lessons Learned By Robert Dandrea, Ph.D., Comcast Cable	2010
Water Can Run, But It Can’t Hide: PNM Finds Soaked Cables By Kathy Fox, Nathan Zedan, James Kolcun & Larry Wolcott, Comcast; Jason Rupe, Tom Williams & Jay Zhu, CableLabs; Ron Hranac, SCTE Network Operations Subcommittee	2021
Hidden Risk of Unpopularity in Open Source By Chujiao Ma & Vaibhav Garg, Comcast Cable	2021
Fiberoptic Cables Installation And Maintenance By Larry W. Nelson, Executive Vice President, General Instrument	1988
Optimizing Spectrum Efficiency with Cloud-Based Load Balancing By Jay Zhu Senior Principal Software Engineer Comcast Defu Li Distinguished Engineer Comcast Andrey Skvirsky Executive Director Comcast Qin Zang Senior Manager Comcast David Wang Software Engineer Comcast Belal Hamzeh Vice President Comcast Dan Rice Vice President 2 Comcast Mody Niv Senior Vice President Comcast	2024
More Results >>