Comcast has announced that its xGitGuard software is now open source. Dr. Bahman Rashidi, Director of Comcast Cable’s Cybersecurity & Privacy Engineering Research team, created the application in-house to “address the global issue of potential authentication secrets being inadvertently uploaded to GitHub.”
According to Comcast, xGitGuard allows users to scan GitHub “at scale and identify proprietary authentication secrets, such as passwords, API keys, and tokens.” GitHub and other open source platforms serve as repositories where developers share code and content. They can, however, end up hosting proprietary data that was never intended to be shared, whether it was uploaded inadvertently or deliberately. To protect enterprises from the resulting harm, xGitGuard uses one of two models, according to Comcast: one for recognising passwords and the other for detecting API tokens and keys.
According to the company, xGitGuard is powered by a “six-step process” that combines artificial intelligence and natural language processing. The process consists of searching GitHub at scale, filtering results, detecting and extracting secret content, identifying the developer, validating secret content, and then sending the problematic content for remediation.
Comcast has been using xGitGuard internally since 2020, with several teams utilising its capabilities to protect the company’s digital assets. The cable provider’s Product Security Incident Response Team (PSIRT) has used it effectively to discover and remediate issues in internal code.
Comcast describes xGitGuard as “an invaluable tool for supporting [its] secure development lifecycle.” The company now hopes that giving external developers access to the source code will strengthen the newly open source technology and allow it to “continue to evolve.”
Developers and technicians interested in xGitGuard can find further information in the documents published on the project’s public GitHub page.