Alexander Krause is a PhD Candidate at CISPA - Helmholtz Center for Information Security and Leibniz University Hannover. He is a member of the TeamUSEC research group. His research interests include usable security and privacy as well as any surroundings in this research area. He received his MSc in Computer Science from Leibniz University Hannover in 2021 with distinction (1.0).
PhD in Computer Science, TBA ~2025/2026
CISPA, Leibniz University Hannover
MSc in Computer Science, 2021
Leibniz University Hannover
BSc in Computer Engineering, 2019
Leibniz University Hannover
Responsibilities include:
Version control systems for source code, such as Git, are key tools in modern software development. Many developers use services like GitHub or GitLab for collaborative software development. Many software projects include code secrets such as API keys or passwords that need to be managed securely. Previous research and blog posts found that developers struggle with secure code secret management and accidentally leaked code secrets to public Git repositories. Leaking code secrets to the public can have disastrous consequences, such as abusing services and systems or making sensitive user data available to attackers. In a mixed-methods study, we surveyed 109 developers with version control system experience. Additionally, we conducted 14 in-depth semi-structured interviews with developers who experienced secret leakage in the past. 30.3% of our participants encountered code secret leaks in the past. Most of them face several challenges with secret leakage prevention and remediation. Based on our findings, we discuss challenges, such as estimating the risks of leaked secrets, and the needs of developers in remediating and preventing code secret leaks, such as low adoption requirements. We conclude with recommendations for developers and source code platform providers to reduce the risk of secret leakage.