How (and why) to rid software of insensitive language.

Words Matter. “Words used carelessly, as if they did not matter in any serious way, often allowed otherwise well-guarded truths to seep through.” ― Douglas Adams. “But if thought corrupts language, language can also corrupt thought.” ― George Orwell. Bonus points for knowing the books these quotes come from. I’ve been in the software industry […]

Meet us at RSA, Win a Peloton

The world talks security at RSA, and this year, it’s completely virtual. BluBracket is exhibiting in the Early Stage Expo. For those who sign up here and/or meet with us at our booth, you’ll be entered to win a Peloton. This is an amazing way to get fit with very good odds of winning. If […]

Secure Your Software Supply Chain in 4 Easy Steps

The now infamous SolarWinds hack is the largest cybersecurity attack in history, leaving hundreds of millions at risk, and unfortunately there are signs that the wave of copycat crimes is already underway. The culprits perpetrating these breaches attack what is now widely acknowledged as the most vulnerable and least protected cybersecurity attack surface within enterprises: […]

Sign Your Commits. Please.

Why Code Signing is Critical for Software Security. Not that long ago, I worked for a company that didn’t have a DevSecOps team. The company didn’t even really have a DevOps team. Like many small, fledgling companies, most of our devops was handled by backend developers, and they did a pretty decent job. Obviously their […]

Software Supply Chain: Preventing Breaches Early

Secrets in code are one of the most common attack vectors today. The SolarWinds attack is probably the most recent and egregious example, but for every SolarWinds incident there are dozens, if not hundreds, of similar breaches every day that go unreported. Having a breach of any kind is, of course, a serious matter. Even […]

SolarWinds: Intern leaked passwords on GitHub

Last week, SolarWinds’ CEO testified in front of Congress on the hack that is largely considered the most damaging in US history. Representatives chastised the company over how the now infamous password “solarwinds123” was used for a file server. Even more damaging, that password was found in publicly available repos on GitHub. From CNN: “Confronted […]

Finding Secrets in Code the DevSecOps way

Secrets in code have become a massive security challenge for two main reasons: Code-driven automation is ubiquitous. Passwords and credentials are quite often accidentally, and sometimes intentionally, checked into code. SaaS and IaaS have led to a proliferation of tokens used to invoke other services. These tokens, especially in publicly visible code, are a huge […]

How Secrets in Code Lead to Security Breaches

Once upon a time, when desktop applications reigned supreme, the security of the application was placed on the shoulders of the end user on his/her desktop. A developer (or team of developers) would create an application and release it to the end users and IT admins, who would, in turn, install the application on their […]

How to prevent and detect secrets in code

We recently recorded a webinar with Security Boulevard featuring a detailed look at both preventing and detecting secrets, tokens and passwords in code, with our CEO Prakash Linga and developer advocate Chris Sammons. We encourage you to watch the full video to get actionable tips on how to shift security left and empower developers to […]

BluBracket Community Edition Eliminates Secrets in Code for Free

In wake of the SolarWinds breach, BluBracket shifts security left by introducing first tool to rank security risks and identify secrets early in the software development cycle PALO ALTO, Calif., February 9, 2020 – BluBracket, the leader in code security for developers and security engineers, today is announcing the general availability of its Community Edition, […]