Total Tests:

Source code from big-name companies leaked online

By Howard Solomon for IT World Canada
Monday, July 27, 2020

This isn’t the first time corporate source code has been found with not enough protection. In January a Canadian security developer and researcher found two open GibHub accounts with application source code, internal user names and passwords, and private keys from Rogers Communications. Rogers said the code was obsolete. Last year the same researcher found source code belonging to Scotiabank on Github.

“From a technical standpoint, these leaks are not that dramatic,” Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, said in an email. “Most of the source code is worthless unless you have other pieces of technology and, importantly, people to make complicated systems work properly. Moreover, the source code rapidly depreciates without daily support and improvement. Thus, unscrupulous competitors are unlikely to get much value unless they are seeking a very specific piece of software. Furthermore, unlawful usage of the source code is quite easily provable and may trigger multi-million lawsuits.”

But, he said, the researchers who posted the code may be sued for a variety of reasons including copyright infringement, conspiracy and violation of computer crime laws. Large companies are unlikely to go to court, he added, preferring to quickly remove the source code from the repository and remediate their internal DevOps security processes.

To prevent the loss of source code, organizations should revise and continuously monitor their DevOps operations, converting them into agile DevSecOps, he said. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential