State of Secrets Sprawl Report Reveals 12.8M New Secrets Occurrences Detected in 2023; Up 28% Fr…

Cyber Security Dive
Here is a summary of the key points from the report on exposed secrets on GitHub by GitGuardian:
The 2024 State of Secrets Sprawl report found that 12.8 million new secret occurrences were publicly leaked on GitHub in 2023, a 28% increase from 2022.
The number of exposed secrets has quadrupled since GitGuardian started reporting in 2021, driven by the growing number of GitHub repositories.
In 2023, over 1 million Google API secrets, 250,000 Google Cloud secrets, and 140,000 AWS secrets were detected as leaked publicly.
90% of exposed valid secrets remain active for at least 5 days after the author is notified, creating “zombie leaks” that are a major risk.
Only 28.2% of repositories with erased leaky commits were still accessible, suggesting many get deleted instead of properly revoking secrets.
12.4% of repositories taken down by GitHub in 2023 exposed secrets, a 37.8% increase from 2020, potentially due to DMCA takedown requests.
The report explores using AI for secrets detection, finding leaked secrets across public/private repos, secrets sprawl on PyPI, and provides recommendations for tackling the issue.
Key recommendations include increasing awareness, training, automated processes, discovery tools, and remediation platforms throughout the development lifecycle.
Link: https://www.cybersecuritydive.com/press-release/20240312-the-state-of-secrets-sprawl-2024/

