If one word (well, actually three) could sum up the 2021 infosecurity year, it would be this: “supply chain attack”.
A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the ‘downstream’ applications that use them. In 2021, we have seen a dramatic rise in such attacks: high-profile security incidents like the SolarWinds, Kaseya, and Codecov data breaches have shaken enterprises’ confidence in the security practices of third-party service providers.
What does this have to do with secrets, you might ask? In short, a lot. Take the Codecov case (we’ll go back…