
> Over the past few days, we have made other significant improvements to the security of the Spaces infrastructure, including completely removing org tokens (resulting in increased traceability and audit capabilities), implementing key management service (KMS) for Spaces secrets, robustifying and expanding our system’s ability to identify leaked tokens and proactively invalidate them, and more generally improving our security across the board.

That's a serious amount of non-trivial work to be done in "a few days". The kind of work that should trigger more time consuming activities like security audits, pen tests and the like, before going live, right?



Hopefully the work was underway for a while already, and maybe they just launched it now because the damage is already done?


At a larger organization with a whole SRE department that includes a dedicated security team, sure, but (my impression is) huggingface isn't that size of an org (yet).



