cognitive cybersecurity intelligence

News and Analysis


GitGuardian Researchers Find Thousands of Leaked Secrets in PyPI (Python Package Index) Packages

GitGuardian’s research finds that hardcoded secrets such as API keys and passwords in packages published to PyPI, the Python Package Index, are a growing source of unauthorised-access problems. The researchers analysed over 450,000 projects, comprising 9.4 million files across five million versions, and found nearly 4,000 unique secrets in almost 57,000 occurrences. The same secrets recur across multiple releases because Python’s publishing tools lack safeguards against them. The research suggests solutions such as scanning for secrets before release, avoiding plaintext credentials, and using secrets managers such as those offered by AWS or Azure.

Source: www.cyberdefensemagazine.com
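One way to act on the "scan before release" recommendation in the summary above, as an added example that is not GitGuardian's tooling or code from the research: it opens the built wheel or sdist, which is the artifact that actually reaches PyPI, and reports which member files match a few patterns. The rule set, the function names and the sample wheel (which carries AWS's documentation example key ID) are assumptions constructed for illustration.

```python
import io, re, sys, tarfile, zipfile

# Illustrative rules only (assumed for this example); dedicated scanners ship far more.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded-credential": re.compile(
        r"(?i)(?:api_?key|passw(?:or)?d|secret|token)\w*\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"),
}

def iter_members(archive):
    """Yield (name, bytes) for each regular file in a wheel/zip or a tar sdist."""
    if zipfile.is_zipfile(archive):
        with zipfile.ZipFile(archive) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    else:
        with tarfile.open(archive) as tf:
            for member in tf:
                if member.isfile():
                    yield member.name, tf.extractfile(member).read()

def scan_distribution(archive):
    """Return sorted (member, line_no, rule) findings for one built distribution."""
    findings = []
    for name, data in iter_members(archive):
        if b"\0" in data[:1024]:  # skip binary members such as compiled extensions
            continue
        for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
            findings += [(name, no, rule) for rule, rx in RULES.items() if rx.search(line)]
    return sorted(findings)

def build_sample_wheel():
    """Constructed sample: in-memory wheel with one documentation-only key ID."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/__init__.py", "import os\nTOKEN = os.environ['DEMO_TOKEN']\n")
        zf.writestr("demo/settings.py", 'REGION = "eu-west-1"\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n')
    buf.seek(0)
    return buf

if __name__ == "__main__":
    targets = sys.argv[1:] or [build_sample_wheel()]
    hits = [f for t in targets for f in scan_distribution(t)]
    for member, no, rule in hits:
        print(f"{member}:{no}: {rule}")  # report the location, never the matched value
    sys.exit(1 if hits else 0)  # non-zero exit lets a release job stop before upload
```

Run against the files in `dist/` after building and before uploading; a finding in an already published version means the credential should be revoked, since removing it from a later release leaves earlier releases unchanged.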
