1、How leaky was 2022?1GitGuardian State of Secrets SprawlTHE STATE OF SECRETS SPRAWL2023How leaky was 2022?2GitGuardian State of Secrets Sprawl10Mnew secrets detectedin public GitHub commits in 2022We have never detected as many secrets and secrets sprawl has been accelerating yearly since 2020.Hard-c

2、oded secrets increased by 67%compared to 2021,whereas the volume of scanned commits rose by 20%(from 860M to 1.027B commits between 2021 and 2022).+67%How leaky was 2022?3GitGuardian State of Secrets SprawlHard-coded secrets have never been a more significant threat to the security of people,enterpr

3、ises,and even countries worldwide.IT systems,open-source,and entire software supply chains are vulnerable to exploiting keys left by mistake in source code.As the world digital footprint grows,millions of such keys accumulate every year,not only in public spaces such as code-sharing platforms but es

4、pecially in closed spaces such as private repositories or corporate IT assets.In other words,secrets sprawl on GitHub is only the tip of the iceberg.This wouldnt be so concerning if credentials theft werent the most common cause of data breaches.The 2022 editions of Verizons DBIR and the IBM Cost of

5、 a data breach reports highlighted that this attack vector had remains the top concern since 2021:ForewordUse of stolen or compromised credentials remains the most common cause of a data breach.Stolen or compromised credentials were the primary attack vector in 19%of breaches in the 2022 study and a

6、lso the top attack vector in the 2021 study,having caused 20%of breaches.Breaches caused by stolen or compromised credentials had an average cost of USD 4.50 million.1 1 From the IBM Cost of a data breach 2022Secrets are not just any kind of credentials;they are the keys to obtaining privileged acce