(S12) (INFOSEC) The State Of Secrets Sprawl

Wednesday, October 15, 2025 12:00 PM to 12:15 PM · 15 min. (Canada/Eastern)

Information

Credentials found in plaintext on GitHub give anyone who finds them direct access to those systems. The danger is very real, especially as credential abuse has become the leading root cause of breaches as of 2025.

This session presents an empirical synthesis of GitGuardian’s State of Secrets Sprawl findings, derived from annual perimeter scanning of public GitHub commits. In 2024, approximately 1.4 billion new commits were analyzed to quantify the prevalence, types, and contexts of exposed credentials, with a particular focus on generic secrets created as part of internal systems, which often take the form of service tokens, keys, and connection strings. We examine where and how leaks occur across code, CI artifacts, container layers, and documentation snippets, and discuss patterns that amplify impact, including credential reuse, cross-environment sharing, and extended lifetime.

The talk emphasizes method and interpretation: how detection distinguishes specific from generic secrets, what constitutes a likely valid secret at scale, and the limitations inherent in perimeter-only observation. We connect observed trends to practical implications for incident triage and governance.
Type: Session

Stage: Infosec Stage
