WEBINAR

Leaked and Still Live: Why Developers Fail to Remediate Exposed Credentials

Thursday, April 9 at 10 AM

We tracked leaked secrets across GitLab and Bitbucket to understand why remediation so consistently fails. The findings are surprising: over half of leaked secrets are never addressed at all, and a vast majority remain “live” for weeks, months, and years after first exposure.

In most cases, developers simply do not know a secret has leaked. And when they do act, the most common fixes (amending a commit, making a repo private, etc.) leave credentials fully exposed. By the time the problem is noticed, automated scanners likely already have it.

In this webinar, we'll cover:

  • Why developers believe they've fixed a leak when they haven't (and the psychology behind it)

  • What our canary token experiment revealed about how fast attackers find secrets on each platform

  • How GitHub's partner program changes revocation rates, and where GitLab and Bitbucket fall short

  • What you should do when a secret is leaked in public source code
