Reply to post: Security ain't that hard

Python Package Index found stuffed with AWS keys and malware

Cliffwilliams44 Bronze badge

Security ain't that hard

"I believe a fair bit of the blame can be laid at the feet of developers, but this sort of thing may not be part of their core competency – security is hard to get right at the best of times,"


It ain't hard to store your access keys in Secrets Manager and retrieve the keys when you need them programmatically, then rotate those keys on a regular basis and make sure the keys you are using ONLY have access to the resources you need.

This is just laziness and/or blatant incompetence!
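The retrieve-at-runtime and rotation pattern the comment describes, as an added example that is not part of the original comment. It assumes AWS Secrets Manager accessed through boto3, a secret stored as a JSON document, and a caller that signals a rejected key with `PermissionError`; the class, function and secret names are hypothetical.

```python
import json
import time


class SecretCache:
    """Fetch a JSON secret from Secrets Manager at runtime and cache it briefly.

    Nothing is hard-coded or written to disk, so no key ends up in a
    published package or a repository.
    """

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client        # boto3 "secretsmanager" client, or a stub
        self._secret_id = secret_id
        self._ttl = ttl_seconds      # short TTL so rotated keys are picked up
        self._clock = clock
        self._value = None
        self._expires = 0.0

    def get(self, force_refresh=False):
        now = self._clock()
        if force_refresh or self._value is None or now >= self._expires:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            if "SecretString" not in resp:
                raise ValueError("expected a SecretString JSON document")
            self._value = json.loads(resp["SecretString"])
            self._expires = now + self._ttl
        return self._value


def call_with_rotation_retry(cache, operation):
    """Run operation(creds); if the key is rejected, refetch once and retry.

    Assumption: operation raises PermissionError when the credential it was
    given is no longer valid (for example, it was rotated since caching).
    """
    try:
        return operation(cache.get())
    except PermissionError:
        return operation(cache.get(force_refresh=True))


def make_cache(secret_id, region):
    """Build a cache backed by the real service (needs boto3 and an IAM role).

    The role should be allowed secretsmanager:GetSecretValue on this one
    secret only, which is the least-privilege part of the comment.
    """
    import boto3  # imported lazily so the module loads without the AWS SDK
    return SecretCache(boto3.client("secretsmanager", region_name=region), secret_id)
```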
