Secrets Detection Fails to Manage Supply Chain Risk
Modern software and development rely on secrets (access keys, API tokens and confidential information) to function properly. With hundreds of independently developed components (open source, third-party and proprietary) making up an application, it’s no surprise that secrets detection is overwhelming application development and security teams with false positives and other results that are not actionable.
As software supply chain breaches using compromised credentials increase, so too does the need to improve how risks are assessed for efficient and effective remediation. The challenge is that actionable controls require both detection and intelligence to provide additional context for risk-based prioritization to effectively reduce secrets leakage and manage supply chain risk.
With our new capabilities, ReversingLabs is giving developers and application security teams something that other offerings don’t: broader visibility into software supply chain risks and data-driven prioritization to automatically suppress third-party secrets and other false positive results.