Matthew R. McNiece scite author profile

Matthew R. McNiece

5Publications

26Citation Statements Received

28Citation Statements Given

How they've been cited

How they cite others

Affiliations

Cisco Systems (United States), Wake Forest University, North Carolina State University

Publications

Order By: Most citations

How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories

Meli

McNiece

Reaves

2019

View full text Add to dashboard Cite

GitHub and similar platforms have made public collaborative development of software commonplace. However, a problem arises when this public code must manage authentication secrets, such as API keys or cryptographic secrets. These secrets must be kept private for security, yet common development practices like adding these secrets to code make accidental leakage frequent. In this paper, we present the first large-scale and longitudinal analysis of secret leakage on GitHub. We examine billions of files collected using two complementary approaches: a nearly six-month scan of real-time public GitHub commits and a public snapshot covering 13% of open-source repositories. We focus on private key files and 11 high-impact platforms with distinctive API key formats. This focus allows us to develop conservative detection techniques that we manually and automatically evaluate to ensure accurate results. We find that not only is secret leakage pervasive-affecting over 100,000 repositories-but that thousands of new, unique secrets are leaked every day. We also use our data to explore possible root causes of leakage and to evaluate potential mitigation strategies. This work shows that secret leakage on public repository platforms is rampant and far from a solved problem, placing developers and services at persistent risk of compromise and abuse.

show abstract

An Evolutionary Strategy for Resilient Cyber Defense

Fulp

Gage

John

et al. 2015

View full text Add to dashboard Cite

An Evolutionary Strategy for Resilient Cyber Defense

Fulp¹,

Gage²,

John³

et al. 2014

View full text Add to dashboard Cite

Characterizing the Security of Endogenous and Exogenous Desktop Application Network Flows

McNiece

Reaves

2021

View full text Add to dashboard Cite

Using Evolutionary Diversity to Identify Problematic Software Parameters

Fulp

Gage

McNiece

2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.