GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)

submitted 1 year ago by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 0 points 1 year ago

Wow, that's a terrible security process even for development configs. How about adding a script they can run right after cloning to pull the needed keys from a secure location using their own user credentials? Plenty of solutions out there.

permalink
fedilink
source
parent
hideshow 2 child comments

[-] [email protected] 0 points 1 year ago

So let’s say the code base leaks.

Let’s say our VPN was also compromised.

Then what is the worst that can happen? Some internal dev api with no real data in it can be tested by hackers.

permalink
fedilink
source
parent

this post was submitted on 22 Sep 2023

19 points (95.2% liked)

appsec

332 readers

1 users here now

A community for all things related to application security.

founded 1 year ago

MODERATORS

[email protected]