According to Gov Info Security, a security incident at CircleCI may have resulted in attackers gaining access to their customer’s code development environments.
CircleCI published a security bulletin, warning customers to “rotate any secrets stored in CircleCI” as the company continues to investigate a possible intrusion and data breach.
For the development community, this is alarming, as many developers use cloud-based tools to protect and share source code. Developers also use tools to build systems in a process known as continuous integration.
At Eclypses, our team does all of this in our own data center/servers, so we are not at risk. As Joe Jeanjaquet, Sr. Director of Applied Technologies at Eclypses states, “From a developer’s perspective, our approach to security has been to protect yourself from the things you don’t control.”
“The development world has evolved immensely over the past decade. This evolution has greatly increased capabilities and flexibility but has also introduced third parties into most companies’ development processes. When setting up development processes it is important that security of intellectual property is one of the highest considerations and that incorporating elements you don’t control is limited as much as possible,” comments Aron Seader, Sr. Director of Core Engineering at Eclypses.