Can anyone please give an update on what actually went down and why you’re now confident things are ok? Can we really allow Circle CI access to our critical systems, credentials and code again?
I’m sorry to say but the following phrase: We have confidence in the security of the CircleCI platform, and customers can continue to build. doesn’t cut it for our team. Confidence in a security posture is one thing, but you got pwned, we have all been pwned because of it. So what exactly has changed to mitigate the issue? I really think release this detail will help restore customer confidence.
We still feel it’s better we at least lock CircleCI out of our systems, until we receive greater transparency on what’s gone down.
I’m not ignorant to the fact you can’t always give our all details for your own security reasons, but I’m sorry to say “trust us” and “have confidence” isn’t really working for many people at this point and I think enough time has gone by to disclose more information, especially if as you say, things are under control.
Please release more details sooner rather than later.