Are your pipelines secure?
Years ago, I would have called this overly paranoid…after all, it would have to be an inside job by one of your employees (or a bad actor who has gained access to an employee’s account).
But then one of the scariest possible scenarios happened…a company I was working at was (allegedly) hacked from the inside by a group of employees. The employees were smart and had the permissions and the intent to do harm and then cover their own tracks.
Below is an interesting article on pipeline security vulnerabilities: argument injection, source code stealing, and shared infrastructure attacks.
In a world with layoffs and restructuring fueling current and past disgruntled employees, securing your pipelines should become a standard practice for your engineering teams.
Let me know what you think of this article on Twitter @Erpenbeck!