
GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation

by CyberNewswire, 2025/03/11

Too Long; Didn't Read

GitGuardian's State of Secrets Sprawl Report shows a 25% year-over-year increase in leaked secrets. 70% of the secrets leaked in 2022 remain active today, creating an expanding attack surface. 35% of all private repositories scanned contain at least one secret.

**BOSTON, USA, March 11, 2025/CyberNewsWire/--** GitGuardian, the security leader behind GitHub's most installed application, today released its comprehensive "2025 State of Secrets Sprawl Report," revealing a widespread and persistent security crisis that threatens organizations of all sizes. The report exposes a 25% year-over-year increase in leaked secrets, with 23.8 million new credentials detected on public GitHub in 2024 alone. Most concerning for enterprise security leaders: 70% of the secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day.


"The explosion of leaked secrets represents one of the most significant yet underestimated threats in cybersecurity," said Eric Fourrier, CEO of GitGuardian. "Unlike zero-day exploits, attackers don't need advanced skills to exploit these vulnerabilities - a single exposed credential can provide unrestricted access to critical systems and sensitive data." Eric Fourrier points to the 2024 U.S. Treasury Department breach as a warning: "A single leaked API key from Beyond allowed attacks on systems. Sophisticated attack - it was a simple case of an exposed credential that bypassed millions in security investments."

Key Findings for Security Leaders

The report identifies several critical trends that demand immediate attention:

The Blind Spot: Generic Secrets

Although GitHub's Push Protection helps developers detect known secret patterns, generic secrets - including hardcoded passwords, database credentials, and custom authentication tokens - now represent more than half of all detected leaks. These credentials lack standardized patterns, making them hard to detect with conventional tools.

Private Repositories: A False Sense of Security

The analysis reveals a startling truth: a full 35% of all private repositories scanned contain at least one secret, shattering the common assumption that private repositories are secure:

  • AWS IAM keys appeared in 8.17% of private repositories - over 5× more often than in public ones (1.45%).
  • Generic passwords appeared nearly 3× more often in private repositories (24.1%) than in public ones (8.94%).
  • MongoDB credentials were the most frequently leaked secret type in public repositories (18.84%).


"Leaked secrets in private code repositories must be treated as compromised," emphasized Eric Fourrier. "Security teams must recognize that secrets should be treated as sensitive data regardless of where they reside."


Beyond Code: Secrets Sprawl Across the SDLC

Hardcoded secrets are everywhere, but especially in security blind spots such as collaboration platforms and container environments, where security controls are typically weaker:

  • Slack: 2.4% of channels within the analyzed workspaces contained leaked secrets.
  • Jira: 6.1% of tickets exposed credentials, making it the most vulnerable collaboration tool.
  • DockerHub: 98% of detected secrets were embedded exclusively in image layers, with over 7,000 AWS keys publicly exposed.

The Non-Human Identity Crisis

Non-human identities (NHIs) - including API keys, service accounts, and automation tokens - now outnumber human identities in most organizations. However, these credentials often lack adequate lifecycle management and rotation, creating persistent vulnerabilities.

One security leader at a Fortune 500 company acknowledged this challenge, saying: "We aim to rotate secrets annually, but enforcement is difficult across our entire environment."

Secrets Managers: Not a Complete Solution

Even organizations that use secrets management solutions remain vulnerable. A study of 2,584 repositories leveraging secrets managers revealed a 5.1% secret leakage rate - far from the near-zero we would expect. This exceeds the overall GitHub average of 4.6%.

Common issues include:

  • Secrets extracted from secrets managers and hardcoded elsewhere
  • Insecure authentication to secrets managers that exposes access credentials
  • Fragmented governance due to secrets spread across multiple secrets managers

The Path Forward: Comprehensive Secrets Security

As AI-generated code, automation, and cloud-native development accelerate, the report forecasts that secrets sprawl will only intensify. While GitHub's Push Protection has reduced some leaks, it leaves significant gaps - particularly with generic secrets, private repositories, and collaboration tools.

"For CISOs and security leaders, the goal isn't just detection - it's the remediation of these vulnerabilities before they're exploited," said Eric Fourrier. "This requires a comprehensive approach that includes discovery, detection, remediation, and stronger secrets governance across all enterprise platforms."

The report concludes with a framework for organizations to address secrets sprawl through:

  • Deploying monitoring for exposed credentials across all environments
  • Implementing centralized secrets detection and remediation
  • Establishing semi-automated rotation policies for all credentials
  • Creating clear developer guidelines for secure vault usage

To read the full 2025 State of Secrets Sprawl Report, users can visit GitGuardian.com.

Additional Resources

GitGuardian - Website

The State of Secrets Sprawl 2025

About GitGuardian

GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance.

This dual approach enables the detection of compromised secrets across your dev environments while also managing non-human identities and their secrets' lifecycle. The platform is the world's most installed GitHub application and supports 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.

Contact

Media Contact

Holly Hagerman

Connect Marketing

[email protected]

+1(801) 373-7888

This story was distributed as a release by Cybernewswire under HackerNoon's Business Blogging Program. Learn more about the program here

