google_places

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. Software developers build up the reputation of their open source projects by developing in public. Modern source code repositories have many social features that allow software developers to handle bug reports, have discussions with their users, and convey reaching significant project milestones. It is uncommon to find open source projects that omit linking their component to a publicly accessible source code repository.

Prevalence in RubyGems community

No prevalence information at this time

Problem

Private keys and certificates are considered sensitive information that should not be included in released software packages. However, developers frequently release sensitive information alongside their applications to facilitate automated software testing. Testing keys and certificates often proliferate through the software supply chain. When such information gets shared publicly, it is catalogued by file reputation databases. Any private key and certificate files seen by a file reputation database prior to configured time threshold can be automatically suppressed. Commonly shared sensitive information is not considered to be secret.

Problem

Software as a Service (SaaS) platforms expose programmable interfaces to their authenticated users. These web services enable action automation and secure exchange of information. Web service users can provide a unique key that identifies the caller or confirms the access rights. API keys for supported web services are automatically validated via the least privilege APIs the service exposes. Detected API keys have been refused by their associated service as either inactive or expired. API keys could be considered secret. Keys that can be safely included in a software release package should only be used to identify the caller. For authentication, users should generate their own access keys instead.