Why secret detection tools are not enough: It’s not just about false positives - An industrial case study-Reference-Cited by-同舟云学术

Why secret detection tools are not enough: It’s not just about false positives - An industrial case study

Published:2022-03-17 Issue:3 Volume:27 Page:
ISSN:1382-3256
Container-title:Empirical Software Engineering
language:en
Short-container-title:Empir Software Eng

Author:

Rahman Md Rayhanur^ORCID,Imtiaz Nasif,Storey Margaret-Anne,Williams Laurie

Funder

National Security Agency (US) Science of Security Lablet

Publisher

Springer Science and Business Media LLC

Subject

Software

Link

https://link.springer.com/content/pdf/10.1007/s10664-021-10109-y.pdf

Reference17 articles.

1. Amazon (2020) Aws key management service https://aws.amazon.com/kms/

2. MITRE (2020) Cwe-798: Use of hard-coded credentials. https://cwe.mitre.org/data/definitions/798.html Accessed 16 Sep 2020

3. Meli M, McNiece M, Reaves B (2019) How bad can it git? characterizing secret leakage in public github repositories Networked and Distributed Systems Security Symposium (NDSS)

4. Montalbano E (2020) Medical data leaked on github due to developer errors. https://threatpost.com/medical-data-leaked-on-github-due-to-developer-errors/158653/, Accessed 16 Sep 2020

5. Ilascu I (2020) Starbucks devs leave api key in github public repo. https://www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/, Accessed 16 Sep 2020,

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Unhelpful Assumptions in Software Security Research;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

2. A Comparative Study of Software Secrets Reporting by Secret Detection Tools;2023 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM);2023-10-26

3. The State of Secure Coding Practice: Small Organisations and “Lone, Rogue Coders”;2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS);2023-05

4. SecretBench: A Dataset of Software Secrets;2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR);2023-05

5. What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?;2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE);2023-05