Monday morning, just got to work.
“Tw, what’s the matter with you?” The department’s head of development had arrived at the office and said this to Tw, who had graduated six months earlier.
Tw thought for half a second and then said, “I know about the statement and I’m working on it.”
Leader: “Check your sister! Do you know what this is about? How did the company’s code end up on GitHub?”
The cause
Only then did the seriousness of the matter sink in. It turned out that the company’s security department had detected company code uploaded to GitHub and reported it to the CTO, who immediately went to the development leader of our department and said that someone in our department had uploaded the company’s code to the Internet, disclosing sensitive information such as keys and passwords. As you can imagine, the leader must have taken a beating from the CTO.
Something similar happened earlier at B station: a colleague who had left the company after a conflict anonymously posted the company’s code on the Internet. The news spread quickly online, and within a short time the project had been forked 6,000 times and starred 9,000 times. The business source code was stripped bare for curious onlookers, and code comments about big-data price discrimination against regular customers, scolding the product team and the like gave the spectators plenty to feast their eyes on.
Why do companies prohibit employees from posting code online?
First of all, the code contains sensitive information, such as database connection information and public and private keys. Once this spreads on the public network, malicious users can obtain it and use it to damage the system. The consequences are very serious: it may lead to business shutdown, a stock crash, or even bankruptcy, and the people responsible will be severely punished by law.
Secondly, exposed business details make it easy for attackers to exploit system vulnerabilities. At the same time, competitors will learn about the relevant business operations, and users will learn things they were not supposed to know, which will also lead to the loss of users.
How to avoid similar things happening again
- Strengthen the company’s code control. For an Internet company, data is productivity, so strengthen data security. Use intranet communication, and monitor public network communication.
- Strengthen external monitoring. Discover company-related code on the public network in the shortest possible time.
- Raise security awareness among employees and highlight the dangers of uploading code without permission.
- Divide code permissions well. Each person gets only the minimum permissions relevant to their work.
The reason for this code upload and the final outcome
Recently, while the company was carrying out security rectification across its R&D departments (the former employer handled payments and held a lot of sensitive merchant information), a colleague in the department pushed the company’s code to GitHub. Misfortunes never come singly. After the repository was deleted, Tw was called in for a talk and criticized by the leader. The leader then called more than a dozen of us on the R&D team into the conference room and held a meeting to emphasize the matter and to arrange the rectification of the projects: modify the relevant sensitive information and put it into Apollo.
Because the code had only been up for a short time, it had not been forked yet. It was also taken into account that Tw was new to the job and that the purpose of the upload was to let another colleague, who had also graduated half a year earlier, look at the code, so there was no further punishment.
I hope everyone takes this as a warning: do not casually upload the company’s code to the Internet. The consequences are very serious.
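As an added example (not code from this post or from the company it describes), the Python check below flags the kinds of hard-coded secrets named above (private keys, database connection credentials, passwords) and ignores `${...}` placeholders, which is how a value reads once it has been moved out of the code into a configuration centre such as Apollo. The rule patterns, file names and sample contents are constructed assumptions.

```python
import re

# Heuristic rules (assumptions for this example) for the secrets the post
# names: private keys, database connection credentials, passwords.
RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("url-credentials", re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<value>[^\s@/]+)@")),
    ("hardcoded-secret", re.compile(
        r"(?i)\b[\w.-]*(?:password|passwd|secret|access[_-]?key)[\w.-]*\s*[:=]\s*"
        r"[\"']?(?P<value>[^\s\"']+)")),
]
# A value that only references externally managed config is not a leak.
PLACEHOLDER = re.compile(r"\$\{[^}]+\}|<[^>]+>|\*+")

def is_literal(match):
    """True when the match carries a real value rather than a placeholder."""
    value = match.groupdict().get("value")
    return value is None or not PLACEHOLDER.fullmatch(value)

def scan_text(path, text):
    """Return (path, line_no, rule) for every line embedding a literal secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            if any(is_literal(m) for m in pattern.finditer(line)):
                findings.append((path, line_no, rule))
                break  # report each line once, under the first matching rule
    return findings

def scan_files(files):
    """Scan a {path: content} mapping, in path order."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]

# Constructed sample repository contents (not taken from the post).
SAMPLE = {
    "application.properties": (
        "spring.datasource.url=jdbc:mysql://db.example.internal:3306/pay\n"
        "spring.datasource.password=Pay#2020!\n"
    ),
    "application-fixed.properties": "spring.datasource.password=${db.password}\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed, no key material)\n",
    "notify.py": 'CALLBACK = "https://merchant:s3cret@api.example.com/notify"\n',
}

if __name__ == "__main__":
    for path, line_no, rule in scan_files(SAMPLE):
        print(f"{path}:{line_no}: {rule}")
```

Run before a push or in CI, a non-empty result is the signal to stop and move the value into managed configuration; a secret that has already been pushed still has to be changed, since deleting the repository does not undo the exposure.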
Done, done!!
[Spreading knowledge and sharing value], thank you for your attention and support, I am [Zhuge Little Ape], a struggling Internet migrant worker.