A sophisticated adversary may discover the embedded key in the software through reverse engineering the source code. This inadvertent key disclosure could then allow an attacker to abuse the API in ways other than intended.
Jason is conducting an assessment of a network-enabled software platform that contains a published API. In reviewing the platform's key management, he discovers that API keys are embedded in the source code for the application. Which of the following statements best describes the security flaw with this coding practice?
​
A. Key management is no longer required since the key is embedded in the source code​
B. The embedded key may be discovered by an attacker who reverse engineers the source code​
C. It is difficult to control the permission levels for embedded keys​
D. Changing the API key will require a corresponding software upgrade