Data Security & Source Code Protection
As far as sensitive data goes, few pieces of information rank higher than program source code.
Source code is highly sensitive proprietary information: it is the set of program instructions for an application in its original form.
The More Sensitive, the Bigger the Risk
For years, security experts have been pointing to the risks of exposed source code.
Two elements in particular make source code a major potential liability. The first and more obvious is the intellectual property element. Creators stand to lose the investment in producing programs as well as all potential future profits if source code is lost.
The second factor is that source code can be manipulated. Not only can changes be made to the software’s functions and tools, but malicious elements such as Trojans and backdoors can be inserted as well. The compromised code is then used to mass produce the software in machine code form, i.e. the form in which it is purchased by the common user.
Surprisingly, many developers still use primitive security measures, despite the many examples of stolen or maliciously modified programs.
The Conventional Approach and its Holes
Today, the market has produced several source code repositories, many of them open source. Hosts such as Assembla, Microsoft’s Azure DevOps, and the increasingly popular GitHub are just a few of the options out there.
Unfortunately, the run-of-the-mill source code host has its downsides.
First off, many of these platforms make it difficult to track and locate code once it has been uploaded. Some even require downloading external apps to search for code sets. For organizations that need fast, reliable access to stored code, the way in which many hosts are structured can prove to be a liability.
Security Vulnerabilities
In addition to the logistical setbacks, IT professionals have also pointed to the security vulnerabilities of common source code hosts. For one, many sites are made vulnerable by the errors of their administrators, which in turn can potentially compromise the entire platform. Additionally, there is often no way to track and classify access to code stored on the hosts. Developers and other team members are able to freely access code and even make changes to it. The lack of policy and enforcement protocols magnifies the insider threat and the risk of data exfiltration.