New platform helps uncover vulnerable secrets

Complex software today includes components that rely on digital authentication credentials commonly referred to as secrets, which include tools such as login credentials, API tokens, and encryption keys. While critical for the software to function, managing secrets across every component of code is a challenge that can result in secrets being left vulnerable.

Supply chain security company ReversingLabs is launching a new secrets detection feature within its Software Supply Chain Security (SSCS) platform.

This aims to improve secrets detection coverage by providing teams with the context and transparency needed to prioritize developer's remediation efforts, reduce manual triage fatigue and improve security controls for preventing leakage.

"These new capabilities underscore ReversingLabs commitment to address growing software supply chain complexity and increasingly sophisticated threats. Our comprehensive solution enables teams to securely control the release of software via the detection of software supply chain threats, malware, malicious behaviors, tampering and secrets exposures," says Mario Vuksan, CEO and co-founder of ReversingLabs. "Supply chain risks demand evolved application security capabilities that confront the full spectrum of challenges introduced by third party components, commercial software, and binary misconfigurations beyond open source libraries. Our SSCS platform goes beyond existing solutions that only provide open-source licensing compliance and vulnerability detection or analyze source code quality for vulnerabilities to fill in the gaps they leave behind."

ReversingLabs solution can identify more than 250 secret-types out of the box, including private keys, version control, certificates, tokens, and more. Once identified, its transparent detection capabilities allow teams to view discovered secrets for true positive confirmation, determine their precise location, which services are affected, and if those secrets are exposed or leaked elsewhere. The solution prioritizes remediation efforts by suppressing third-party, open-source, testing keys, and other commonly shared secrets while reducing the fatigue that results from manual triage.

You can read more on the ReversingLabs blog.

Image credit: lightsource / depositphotos