It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and impactful consequences for corporate safety.
A recent study by GitGuardian found that 75% of IT decision-makers in the US and the UK reported at least one secret leaked from an application, with 60% causing issues for the company or employees. Shockingly, fewer than half of respondents (48%) were confident in their ability to protect application secrets “to a great extent.”
The study, named Voice of Practitioners: The State of Secrets in AppSec (available for free download here), provides a fresh perspective on managing secrets, which is often reduced to clichés that do not reflect the operational reality in engineering departments.
Despite their ubiquity in modern cloud and development operations, secrets remain a thorny issue even for the most mature organizations. The sheer number of secrets in use simultaneously within the development cycle makes it all too easy for them to slip outside the control of sound security measures and “leak.”