Are We Making It Too Easy To Leak Our Source Code?

 

 

Organizations often invest in security because of compliance and regulatory requirements. Time, awareness and too many news headlines have turned the investment in security into a strategic one, often led by the board. But, when it comes to securing source code, we see much less awareness and investment. 

Living in the digital era, with practically everything connected, code is part of every business-critical element of your organization. Whether it contains parts of your IP, your customers’ data, business processes or any other information that is part of your business, it has to be secure.

In this post we review recent source code leaks and try to better understand the current threat landscape and what we can do to stay ahead of malicious actors and prevent human errors in a timely manner.


The Threat Landscape Is Expanding

The threat landscape is expanding and the risk to your source code is real. Just about a year ago, a laundry list of source code leaks made headlines, including leaks from Symantec, DJI, Snapchat, Apple, Microsoft and others. There have been two major leaks since the beginning of 2020: the very recent Mercedes-Benz onboard logic unit (OLU) source code leak and the AWS leak of a gigabyte’s worth of sensitive data.

In order to understand the scope of the threats and to establish best practices for securing source code, we need to map the threat landscape. 

Who Is Hunting Your Source Code? 

  1. Insider threats and former employees – usually motivated by revenge or financial gain
  2. Malicious actors – motivated by financial gain
  3. Nation states – motivated as part of a cyberwarfare or cyber espionage strategy
  4. Competitors – motivated to gain a competitive edge through IP theft and to harm your reputation and profits

 

The threat to your source code can also be unintentional, the result of human error. A good example of this is the recent AWS leak mentioned above.

The growing interest of threat actors in source code is obvious from the number of leaks published. Another clear indicator of the expanding threat landscape is the number of DMCA (Digital Millennium Copyright Act) takedown notices. According to GitHub, DMCA takedown requests have increased by almost 250% since 2015.

Keep Your Source Code Secure, Everywhere. 

Your development teams create more code every day. Without adequate security measures dedicated to protecting source code data, you remain vulnerable. The growing use of development services and platforms designed to improve developers’ collaboration, code review, code management and more is also a security concern for you.

There are many proven best practices to help protect your source code, in-house and on external development platforms. A good place to start would be to avoid bad coding habits to begin with. We recently published The Bad Coding Habits That Leave Your Source Code Exposed – start there.

Following these recommendations will reduce the risk of potential leaks. 

Assuming your developers are using one or more external development platforms, be sure you read these security best practices for GitHub, Bitbucket and GitLab and place your code there securely. 

Organizations invest tremendous funds and resources in security, yet the art of protecting source code has been left behind. With changes in the threat landscape, there is a burgeoning interest in what should be done to protect the organization’s source code, wherever it resides.

To learn more about how to reduce the risk of your source code falling into the wrong hands, reach out to us and we can share how we can best protect your source code.
