The Threat Landscape Is Expanding
The threat landscape is expanding and the risk to your source code is real. Just about a year ago, a laundry list of source code leaks made headlines, including leaks from Symantec, DJI, Snapchat, Apple, Microsoft and others. There have been two major leaks since the beginning of 2020: the very recent Mercedes-Benz onboard logic unit (OLU) source code leak and the AWS leak of a gigabyte’s worth of sensitive data.
In order to understand the scope of the threats and to establish best practices for securing source code, we need to map the threat landscape.
Who Is Hunting Your Source Code?
- Insider threats and former employees – usually motivated by revenge or financial gain
- Malicious actors – motivated by financial gain
- Nation states – motivated as part of a cyberwarfare strategy or cyber espionage
- Competitors – motivated to gain a competitive edge through IP theft and to harm your reputation and profits
The threat to your source code can also be unintentional, the result of human error. A good example of this is, in fact, the recent AWS leak mentioned above.
The growing interest of threat actors in source code is obvious from the number of leaks published. Another clear indicator of the expanding threat landscape is the number of DMCA (Digital Millennium Copyright Act) takedown notices. According to GitHub, DMCA takedown requests have increased by almost 250% since 2015.
Keep Your Source Code Secure, Everywhere.
Your development teams create more code every day. Without adequate security measures dedicated to protecting source code data, you remain vulnerable. The growing usage of development services and platforms that are designed to improve developers’ collaboration, code review, code management and more is also your security concern.
There are many proven best practices to help protect your source code, in-house and on external development platforms. A good place to start would be to avoid bad coding habits to begin with. We recently published The Bad Coding Habits That Leave Your Source Code Exposed – start there.
Following these recommendations will reduce the risk of potential leaks.
Assuming your developers are using one or more external development platforms, be sure you read these security best practices for GitHub, Bitbucket and GitLab and place your code there securely.
Organizations invest tremendous funds and resources in security, yet the art of protecting source code has been left behind. With changes in the threat landscape, there is a burgeoning interest in what should be done to protect the organization’s source code, wherever it resides.
To learn more about how to reduce the risk of your source code getting into the wrong hands, reach out to us and we can share how we can best protect your source code.