Top 5 Application Security Takeaways from RSA Conference 2022

RSA Conference 2022 was held in San Francisco, June 6-8, 2022. The cybersecurity industry welcomed back RSA 2022, which was held in person at the Moscone Convention Center in San Francisco. Following a one-year hiatus due to Covid, the conference was back, stronger and well-timed to address the developments over the recent past. With […]

Think Secrets in Code Can’t Hurt You? Think Again.

Leaking secrets is bad, right? Not everyone fully understands the consequences of secrets committed to source code. It’s my aim in this article to prove out what could happen if a secret is leaked to a public repository. On May 9th, I set out to do that and decided to analyze a two-week period. […]

BluBracket’s new filtering experience cuts through the noise

When BluBracket launched we were focused on being the best tool to find risks in code and related to code—as we describe it: what’s in your code, who has access, and where it’s going. But our work with companies ranging from nimble five-person startups to enterprises at the top of the Fortune 100 has taught […]

Why we joined forces with Snyk

Yesterday we joined Snyk’s new Technical Alliance Partnership Program as a founding member and announced that we will integrate Snyk Open Source into our BluBracket Code Security Suite. As a relatively young company, this is a big commitment and one that as CEO I don’t take lightly. But the value proposition for our customers is […]

Your source code is vulnerable, here’s what hackers are looking for

The biggest news of the spring season so far has been of a slap, a hostile takeover bid, a devastating series of source code dumps by a heretofore unknown hacking group, and now a hacked batch of OAuth tokens leading to yet more source code leaks. Of all of those, the source code leaks might […]

What kind of security tools should I provide to developers?

Dark Reading features an article from BluBracket’s VP of Product and Developer Relations on how security professionals should help their developers write secure code. One tip: “Use pre-commit hooks to scan for secrets and other code risks before they get into code. A secret in code is a secret told. Blocking secrets at the source […]

Introducing improved risk detail display and management workflows

Today we’re introducing improved risk details display and workflows in BluBracket Code Security. Our early testers have described these as a huge improvement in their ability to quickly and efficiently review and act on risks. We developed these improvements in collaboration with our design partners, with feedback from our enterprise customers representing over $100 billion […]

Cybersecurity & information security resources I used in 2021

Hey! My name is Alexandria, and I am a Developer Advocate intern at BluBracket. At BluBracket, I’ve had the opportunity to work with a fantastic team and learn in public all things related to code security. To me, “Learning in public” means sharing the resources I’ve used on my journey. So here’s a list of […]

Software Supply Chain-Still a Vulnerability for our Critical Infrastructure

From Stuxnet to Colonial Pipeline. Although more than a decade has gone by, Stuxnet is regarded as the incident that initiated the use of a malware delivery platform that could deploy multiple 0-day attacks simultaneously. Since then, a series of attacks with monikers like Duqu and Flame evolved, sometimes called the sons-of-Stuxnet. In some ways […]