PALO ALTO, CALIFORNIA – August 5, 2020 – At the Black Hat Security Conference, BluBracket, the leader in code security, today introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories.
In today’s digital coding environment, code can be copied and shared with one click. Code proliferation represents a significant threat to companies today—not just in the loss of intellectual property, but also in the risks code poses to general enterprise security. Code not only gives critical details of how a company runs its business, it also can give hackers a blueprint and the needed credentials to unlock proprietary systems.
Just last week, code from over 50 companies was stolen and published to GitHub repositories for anyone to access. Companies were unaware their code had been stolen or posted publicly until the press began reporting on the “Gigabreach.” By that time, it’s too late.
“Code is stolen and leaked online every day,” said Prakash Linga, CEO of BluBracket. “The world runs on code. Our customers need an efficient way to find and remove code that has been leaked to the public. By adding this functionality to our Code Security Suite, we’re offering customers the opportunity to protect their critical corporate assets, all without hampering developer productivity.”
Fighting Code Proliferation.
BluBracket is the first company to address code proliferation and risk by allowing companies to “fingerprint” important code and consistently monitor it to ensure their code doesn’t appear on unauthorized public repositories.
During BluBracket’s initial scan of a repository, it creates a hash of all the source code contained within the repo. This hash is then compared against any other source code that is scanned in the future, which could be code in other private repositories or repositories in the public realm. If the hash is matched up with code found outside of the original repository, BluBracket alerts the appropriate security or engineering personnel via its own interface or through a SIEM tool.
BluBracket scans both public and private repos designated by the company at launch. In addition, BluBracket uses the list of contributors to a company’s repos to identify the public repos to which they have added code. This means that if your code has made its way to open source projects, or to a developer or contractor’s non-company accounts, you can find and remediate the issue.
BluBracket also allows companies to scan and find code copies on developer endpoint machines. By invoking the BluBracket Scanner, you can scan developer devices for both known repositories and cloned repositories from private or public sources. This can be an effective step when transitioning developers from one project to the next and can provide assurance that especially sensitive code has not unwittingly been copied to public repositories.
BluBracket’s machine learning-based alerting system is constantly learning and adjusting to avoid false positives and will alert users based on their classification of the code’s importance. This means that companies can configure alerts, for instance, for only the code that is critical to company security and competitive advantage. This type of alerting and monitoring is critical for both the security and DevSecOps teams responsible for code and general digital security.
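As an added illustration of the fingerprint-and-compare approach described above (example code written for this page, not BluBracket's implementation): a private repository is indexed by hashing normalised sliding windows of source lines, so both whole-file copies and re-indented fragments can be located in other code. The repositories and file contents below are constructed samples.

```python
import hashlib
import re

# Constructed example: fingerprint a "private" repo by hashing normalised
# line windows, then look those hashes up in "public" code. Windows (rather
# than one hash per file) let partial copies be found as well.
WINDOW = 4  # lines per window; smaller catches shorter fragments, more noise

def normalize(text):
    """Collapse runs of whitespace and drop blank lines so re-indented or
    reflowed copies hash the same; returns a list of normalised lines."""
    lines = []
    for raw in text.splitlines():
        line = re.sub(r"\s+", " ", raw).strip()
        if line:
            lines.append(line)
    return lines

def window_hashes(lines, window=WINDOW):
    """Yield (start_index, sha256) for each sliding window of lines."""
    for i in range(max(len(lines) - window + 1, 1)):
        chunk = "\n".join(lines[i:i + window]).encode()
        yield i, hashlib.sha256(chunk).hexdigest()

def build_index(repo):
    """repo: {path: source_text}. Returns {hash: (path, window_start)}."""
    index = {}
    for path, text in repo.items():
        for start, digest in window_hashes(normalize(text)):
            index.setdefault(digest, (path, start))
    return index

def find_copies(index, candidate_repo):
    """Return {candidate_path: {private_path: matched_window_count}} for
    every candidate file that shares at least one fingerprint with index."""
    hits = {}
    for path, text in candidate_repo.items():
        for _, digest in window_hashes(normalize(text)):
            if digest in index:
                src = index[digest][0]
                hits.setdefault(path, {}).setdefault(src, 0)
                hits[path][src] += 1
    return hits

# Constructed sample repos: the public gist is a re-indented partial copy.
PRIVATE = {"auth/token.py": "def issue_token(user):\n    secret = load_secret()\n"
           "    claims = {'sub': user}\n    return sign(claims, secret)\n\n"
           "def revoke(token):\n    blacklist.add(token)\n"}
PUBLIC = {"gist/helper.py": "# copied and re-indented\ndef issue_token(user):\n"
          "  secret = load_secret()\n  claims = {'sub': user}\n"
          "  return sign(claims, secret)\n",
          "other.py": "print('hello')\n"}

if __name__ == "__main__":
    print(find_copies(build_index(PRIVATE), PUBLIC))
```

In practice the index would be rebuilt on each scan of the designated repos and the match counts fed to the alerting layer, where a threshold per code classification decides what is worth a SIEM event.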
Additional Functionality from the Code Security Suite.
Code Fingerprinting and Discovery is a critical piece of the Code Security Suite which allows companies to:
- Discover and classify code. Companies can run a BluPrint of their Git environments to understand where their code is and who has access to it. They can also classify their most critical code for detailed chain of custody information for any compliance or audit needs.
- Detect and monitor your risks. BluBracket can detect secrets in code, misconfigurations and other risks and ensure that no sensitive passwords or tokens are being misappropriated, mishandled or misused.
- Protect valuable code. BluBracket provides the visibility, alerting and remediation needed to take action and protect code investment from both insider and outsider code theft or unauthorized publishing to open source.
- Enforce security policies. BluBracket bridges the gap between your security, development and DevOps teams by making security policies actionable and enforceable in your CI/CD pipeline.
Meet us at Black Hat.
BluBracket will be featured at the Black Hat Security Conference. BluBracket will be exhibiting at Black Hat in a virtual “booth” and offering demos and contests to drive connection with the Black Hat community. To schedule a demo, enter our contest or talk to sales, please contact us at https://pages.blubracket.com/blubracketatblackhat.
Named as a finalist in the prestigious RSA Sandbox Innovation Awards, BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night. Companies using BluBracket will be able to discover and secure their code environments while maintaining the innovation and speed they need to compete. BluBracket delivers security at the speed of code. More information can be found at www.blubracket.com.