27 maj 2026
52 min
Dwayne McDaniel, developer advocate at GitGuardian.com, joins host Priyanka Raghavan to talk about the engineering challenges of secrets management. They explore what "secrets" really are in modern systems—far beyond passwords—including API keys, tokens, certificates, and machine identities, and how "secret sprawl" emerges across the SDLC.
Drawing on reports from GitGuardian and Verizon, they discuss the growing scale of secret leaks and why credential abuse and phishing remain dominant attack vectors.
They examine common leak points—from code repos and logs to CI/CD pipelines, containers, and SaaS integrations—and how cloud, DevOps, and AI tooling are amplifying risks. Priyanka quizzes Dwayne about recent supply chain attacks from pyPi and trivy ecosystems, highlighting recurring root causes like poor access control, long-lived credentials, and weak security hygiene.
Finally, they consider detection, response, and modern solutions—short-lived credentials, secret scanning, and identity-based approaches like OWASP NHIR and SPIFFE/SPIRE—ending with practical advice for engineers to reduce blast radius and design for secure secret lifecycle management.
Lyssna på fler avsnitt från
Software Engineering Radio - the podcast for professional software developers
Visar 1–10 av 731 avsnitt
2 juli 2026
62 min
24 juni 2026
53 min
18 juni 2026
55 min
10 juni 2026
62 min
3 juni 2026
69 min
20 maj 2026
53 min
13 maj 2026
56 min
6 maj 2026
54 min
29 april 2026
59 min
23 april 2026
60 min