Webinar: How Secure is Your Internal Software Supply Chain?

Next week on January 25, BluBracket will join leaders from Snyk and The Linux Foundation in an exclusive webinar to discuss the state of the software supply chain and what can be done to improve it. It’s a collaborative approach because each of the participants will discuss a discrete aspect of software supply chain security: — The […]

Code Security and the Executive Order on Cybersecurity. What you need to know.

The last twelve months have shown just how high the stakes are to secure our nation’s cybersecurity infrastructure. Colonial Pipeline, SolarWinds and Microsoft Exchange are just some of the most dangerous hacks with far-reaching consequences. Earlier this month, the White House signed an Executive Order charting a new course for our nation’s cybersecurity infrastructure. In […]

Meet us at RSA, Win a Peloton

The world talks security at RSA, and this year, it’s completely virtual. BluBracket is exhibiting in the Early Stage Expo. For those who sign up here and/or meet with us at our booth, you’ll be entered to win a Peloton. This is an amazing way to get fit with very good odds of winning. If […]

Software Supply Chain: Preventing Breaches Early

Secrets in code are one of the most common attack vectors today. The SolarWinds attack is probably the most recent and egregious example, but for every SolarWinds incident there are dozens, if not hundreds, of similar breaches every day that go unreported. Having a breach of any kind is, of course, a serious matter. Even […]

SolarWinds: Intern leaked passwords on GitHub

Last week, SolarWinds’ CEO testified in front of Congress on the hack that is largely considered the most damaging in US history. Representatives chastised the company over how the now infamous password “solarwinds123” was used for a file server. Even more damaging, that password was found in publicly available repos on GitHub. From CNN: “Confronted […]

Finding Secrets in Code the DevSecOps way

Secrets in code have become a massive security challenge for two main reasons: Code-driven automation is ubiquitous. Passwords and credentials are quite often accidentally, and sometimes intentionally, checked into code. SaaS and IaaS have led to a proliferation of tokens used to invoke other services. These tokens, especially in publicly visible code, are a huge […]

How to reduce false positives while scanning for secrets

Secrets in code are a pervasive and ever-increasing attack vector in modern software companies. If you’ve ever used a secret scanning tool to detect secrets in your code, you’ve probably had to deal with the overwhelming amount of false positives. In some cases, the level of noise is so high that it can be […]

How Secrets in Code Lead to Security Breaches

Once upon a time, when desktop applications reigned supreme, the security of the application was placed on the shoulders of the end user on his/her desktop. A developer (or team of developers) would create an application and release it to the end users and IT admins, who would, in turn, install the application on their […]