Clearly, event tracking and identifying suspicious activities in GitHub is crucial for mitigating the risk of data exfiltration and breaches, said Adam Gavish, cofounder and CEO at software-as-a-service (SaaS) security vendor DoControl.
But it’s important to also remember that many “insider” threats are accidental, with no malicious intent, Gavish said in an email. “It’s purely a matter of human error.”
For example, uploading the wrong source code to a public repo in GitHub — which was meant to be private — is likely the result of a developer not paying close enough attention, he said. Thus, along with event tracking, preventative measures to remove human error should be considered as well, Gavish said.