By Alexis, Technical expert at Audensiel
Taking a program's source code without authorization, an illegal practice, has become widespread in recent years. It causes financial harm, whether to video game companies, as with the theft of the GTA 6 source code a few months ago, or to IT security companies such as Okta (a single sign-on provider). On top of this comes damage to reputation and trust, in every case, with the customers or suppliers of the hacked companies.
It has never been more important for developers to follow best practices: no hard-coded secrets (password, server URL, user account, etc.). A novice developer may lack training, but even a seasoned developer can get caught out by a lack of development time. In any case, these threats are still fairly new, and a developer could always believe they were safe on code repositories that had long been internal to the company. That is no longer the case today with open-access repositories such as GitHub: an audit in 2021 revealed that more than 6 million secrets were available, double the 2020 figure.
Anecdotally, clones of applications built from stolen code can be found. But the danger comes mainly from the fact that code can be shared between several applications. Multiple entry points therefore end up in the hands of hackers, which also gives them opportunities to find 0-day flaws (unknown and undocumented flaws).
The irony of the situation is that it opens up new markets: there are now companies that specialize in searching for secrets in code.
Moreover, specialized artificial intelligences have already proven capable of finding this information.
This remains futile, however, for code that has already been archived with its secrets, which would be found when the sources are extracted: as is often the case in computing, it is necessary to act upstream so as not to be caught off guard once the leak is confirmed.
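One way to act upstream, as an added example that is not part of the original article or Audensiel's tooling: a small Python check that inspects only the lines a change adds and flags the kinds of secrets listed above (passwords, user accounts, server URLs carrying credentials) before they reach the repository history. The patterns, the entropy threshold and the sample diff are assumptions constructed for this illustration.

```python
import math
import re
# Assumed heuristics (not from the article): keyword assignments, URL credentials, entropy.
ASSIGNMENT = re.compile(
    r"""(?i)(pass(?:word|wd)?|secret|token|api[_-]?key|user(?:name)?)\w*\s*[:=]\s*["']([^"']{4,})["']""")
URL_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
CANDIDATE = re.compile(r"[A-Za-z0-9+/_=-]{20,}")
PLACEHOLDER = re.compile(r"(?i)^(changeme|example|placeholder|x+|\*+|<.*>|\$\{.*\})$")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text, min_entropy=4.0):
    """Return (file, new_line_no, reason) for added lines that look like hard-coded secrets."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                      # new-file header
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith("@@"):                      # hunk header: restart numbering
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):                       # added line: inspect it
            line_no += 1
            m = ASSIGNMENT.search(raw[1:])
            if m and not PLACEHOLDER.match(m.group(2)):
                findings.append((path, line_no, f"hard-coded {m.group(1).lower()}"))
            elif URL_CREDS.search(raw):
                findings.append((path, line_no, "credentials embedded in URL"))
            elif any(entropy(t) >= min_entropy for t in CANDIDATE.findall(raw)):
                findings.append((path, line_no, "high-entropy string"))
        elif raw.startswith(" "):                       # context line: only advances numbering
            line_no += 1
    return findings

# Constructed sample diff; every value in it is made up for this example.
SAMPLE_DIFF = """\
--- a/app/settings.py
+++ b/app/settings.py
@@ -10,1 +10,5 @@
 DEBUG = False
+DB_PASSWORD = "S3cr3t-Passw0rd!"
+DB_URL = "postgres://svc_app:hunter2hunter2@db.internal.example/app"
+API_TOKEN = os.environ["API_TOKEN"]
+password = "changeme"
--- /dev/null
+++ b/deploy/sign.py
@@ -0,0 +1,1 @@
+SIGNING = "q8Zt3LmX0vBn7RkY2sWd5HgJ"
"""
```

Fed the output of `git diff --cached` from a pre-commit hook, a non-empty result from `scan_diff` can be used to reject the commit; the value read from the environment and the `changeme` placeholder in the sample are deliberately not flagged.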
Want to learn more?
The Audensiel teams support companies on the governance of cybersecurity issues and on defence and data security projects.