Secure Your Software Supply Chain in 4 Easy Steps
The now infamous SolarWinds hack is the largest cybersecurity attack in history, leaving hundreds of millions at risk, and unfortunately there are signs that the wave of copycat crimes is already underway. The culprits perpetrating these breaches attack what is now widely acknowledged as the most vulnerable and least protected ...

Software Supply Chain: Preventing Breaches Early
Secrets in code are one of the most common attack vectors today. The SolarWinds attack is probably the most recent and egregious example, but for every SolarWinds incident there are dozens, if not hundreds, of similar breaches every day that go unreported. Having a breach of any kind is, of ...

SolarWinds: Intern leaked passwords on GitHub
Last week, SolarWinds’ CEO testified in front of Congress on the hack that is largely considered the most damaging in US history. Representatives chastised the company over how the now infamous password “solarwinds123” was used for a file server. Even more damaging, that password was found in publicly available repos ...

Finding Secrets in Code the DevSecOps way
Secrets in code have become a massive security challenge for two main reasons: Code-driven automation is ubiquitous. Passwords and credentials are quite often accidentally, and sometimes intentionally, checked into code. SaaS and IaaS have led to a proliferation of tokens used to invoke other services. These tokens, especially in publicly ...

How to reduce false positives while scanning for secrets
Secrets in code are a pervasive and ever-increasing attack vector in modern software companies. If you’ve ever used a secret scanning tool to detect secrets in your code, you’ve probably had to deal with the overwhelming amount of false positives. In some cases, the level of noise is so ...

How Secrets in Code Lead to Security Breaches
Once upon a time, when desktop applications reigned supreme, the security of the application was placed on the shoulders of the end user on his/her desktop. A developer (or team of developers) would create an application and release it to the end users and IT admins, who would, in turn, ...

BluBracket Community Edition Eliminates Secrets in Code for Free
In wake of the SolarWinds breach, BluBracket shifts security left by introducing first tool to rank security risks and identify secrets early in the software development cycle PALO ALTO, Calif., February 9, 2020 – BluBracket, the leader in code security for developers and security engineers, today is announcing the general ...

How to help developers keep secrets out of code
What’s a secret? That’s a good question. But if you’re here, you probably already understand what a secret is, with regard to software engineering. You also understand that once code has been merged, detecting and fixing security-related defects in code can cost your business time, money, and expose your ...

The Top Five Secrets Found in Code
Your code is not just a means for you to deploy an application; it’s also the means by which a hacker can gain access to a network or the data contained within or without. This has become even more apparent with the advent of cloud-native development, where a single ...

SolarWinds, GitHub Leaks and Securing the Software Supply Chain
The massive cybersecurity breach from SolarWinds has by now reached the attention of everyone in our industry. It’s a truly widespread and dangerous breach that, at least from what we know now, is an example of two trends in cybersecurity that frankly need more attention from any company writing code. Code as ...