Table of content
Software intellectual property, also known as software IP, is a computer code or program that is protected by law against copying, theft, or other use that is not permitted by the owner. Software IP belongs to the company that either created or purchased the rights to that code or software. Leakage refers to a situation where this IP is accessed by a third party that is not authorized by the owner. This usually happens as a result of the mismanagement of IP or further to a major breach as in the case of Samsung, Nvdia or Microsoft.
When source code leaks, it can lead to a number of issues:
It is clear just how bad source code leaks affect organizations. There are a number of famous source code leaks that led to the organization making losses like Mercedes, Nintendo, and Nissan. But all code leaks are not made public by the hackers themselves, it is even a minority of them. Some consider these leaks to pose a benign risk and discard them as mere copyright infringement. But from a security perspective, leaked code gives hackers exactly what they need – from hardcoded secrets to IaC templates – to identify holes and carry out malicious attacks.
Source code leaks happen from time to time and when they do, as the organization it is needed to act fast to secure your assets and your development environment. The longer an insider threat incident lingers, the costlier it gets for your organization.
Before any further harm may occur, the first step is to "plug" the leak.
However, this means that we must first be able to locate it. This is no easy task, as the source of the leak may not be obvious right away. It isn't always due to a technological error or omission. Sometimes, something sinister is at work in some circumstances. Some leaks occur as a result of social engineering (deceiving an employee into sharing information), negligence (an employee keeping their work on personal devices), or, worse, a disgruntled former employee taking source code as they leave the company. They may not necessarily stop until caught. As a result, identifying the source of the leak is the first step in a successful response.
The next step should be to contain the leak, which will depend on the source and type of leak.
Take the appropriate steps to do so. Review your server configuration and harden it to guarantee that access is limited to only verified users in the case of technological leaks. If a server has been compromised, examine it and any associated plug-ins to rule out any exploits that were exploited to gain access to the infrastructure. Use a legal take-down notification (such as a DMCA notice) if leaked code is posted to third-party entities like GitHub or PasteBin to immediately delete the leaked code.
The third stage is to keep your customers informed.
Even if you strive to contain a source code leak, it can cause service interruptions for your clients. Personal information may have been exposed in the incident, exposing your clients to future security concerns. Rapid and transparent communication with your customers about the incident is essential. Be sure to quickly reach out so they do not learn about the leak from outside sources such as the media. Maintain honesty and professionalism with your consumers throughout the process to avoid potential damage to your company's reputation. Provide a public summary of the steps taken by your company to stop the leak and minimize the damage. Include a repair strategy in extreme instances, such as when a leak involves exploitable, publicly identifiable information.
The next step should be to secure your assets with a multi-layered security approach. Multi-layered security uses the idea that security can be maximized by implementing various layers of protection for different purposes. You must know where your essential assets are located to secure them with a multi-layered security operation, whether for HR, Legal, Marketing, or IT.
Implement the tools and security policies you need to prevent, detect, and respond to any threat in real-time to prevent a single point of failure from bringing your entire business down.
As an example, as a first line of protection against human engineering infiltration, you might deploy a technology that monitors incoming communication for phishing activities.
Consider a technology that interfaces with the continuous delivery or continuous deployment (CD/CI) pipeline to prevent a mistaken code commit of source code exposing secrets to a code repository.
Securely safeguard your source code to negate or mitigate source code leaks. Of course, the best defense is always prevention. Source code management, whether via internal repositories or external hosts like GitHub, should be securely controlled, with strong, fine-tuned limits on who can access the repository and code within.