How Google Cloud is securing open-source credentials at scale
Credentials are an essential part of modern software development and deployment, granting bearers privileged access to systems, applications, and data. However, credential-related vulnerabilities remain the predominant entry point exploited by threat actors in the cloud. Stolen credentials “are now the second-highest initial infection vector, making up 16% of our investigations,” said Jurgen Kutscher, vice-president, Mandiant Consulting, in his summary of our M-Trends 2025 report. Ensuring the safe management of these credentials is a vital task. Developers may accidentally include credentials in artifacts like source code, built software packages, or Docker images. If these credentials fall into the wrong hands, they [...]