Visual Studio Team Services (VSTS) and passwords - don’t be the next Uber
Everyone should be aware that bad actors routinely scan code posted publicly to GitHub for passwords and private encryption keys that developers have left visible – it still amazes me how often you can find this level of information via a Google search.
The data breach at Uber holds a lesson for software developers and their security teams who use third-party services to store and share code. Services like GitHub and Source Forge are frequently used by developers to collaborate on projects, track bugs in code and distribute versions of applications, but there an obvious target.
I came across the following Microsoft white paper as I was looking for guidance that describes the steps that Microsoft takes to keep VSTS projects safe, available, secure, and private but in addition, it describes the role we play in keeping our VSTS projects safe and secure.