In episode 100 of the Cybersecurity Minute, CISO Rob Wood talks about secrets sprawl, also known as leaking secrets or hard-coded secrets, the focus of GitGuardian’s new “Voice of Practitioners” report.
This episode is sponsored by “Selling to the New Executive Buying Committee,” an Acceleration Economy Course designed to help vendors, partners, and buyers understand the shifting sands of how mid-market and enterprise CXOs are making purchase decisions to modernize technology.
00:33 — GitGuardian, a company on our Top 10 Shortlist of Cybersecurity Enablers, recently released its “Voice of Practitioners” report focused on the pervasive problem of secrets sprawl in applications. Secrets sprawl is where something like an API token or configuration variable is exposed to people who shouldn’t see it.
01:32 — Rob says exposed secrets are likely due to a combination of using outdated automation that can’t detect newer secret formats and not investing enough in automated approaches to support code review and static analysis.
02:09 — He recommends that anyone involved in the security of software applications lean into automation. “Manual reviews are never going to go away,” he says. “But you should be looking to augment that with sound automation.”
02:38 — Security automation isn’t something you do once and forget about. Start by automating something easy, then do “the next thing, and the next thing, and just continue to build out your suite of tests [and] capabilities.”
03:06 — By improving your automation incrementally, you’ll see differences in the security of your applications over time.