Over 10,000 AWS access keys are currently exposed on GitHub. Are one of them yours? GitHub is the world’s leading platform for software development. The problem is it’s insecure by default. Access is inherently difficult to manage, repos can be left inadvertently public which could expose intellectual property, company passwords and keys to the internet, or could include vulnerable third-party libraries that may pull your company into the spotlight as was seen with Equifax, Uber, and Tesla. With GitHub being increasingly used as an initial attack vector, the platform is finding itself as the root cause for some of the industry’s largest breaches. In the case of Uber and Apple, public repositories resulted in exposure of proprietary code and AWS credentials. The answer? GitHub Guardian. GitHub Guardian is a solution that utilizes GitHub’s Rest APIs to ensure your accounts are safeguarded with multi-factor authentication, repository privacy control and ensuring credentials are not present in code. As the threat landscape continues to evolve – what’s next? GitHub Guardian will evolve to cover use cases around federated identity and authentication management, API security, and credential encryption enforcement for repositories.