And Travis CI joins the ranks of companies that cannot be trusted with security. Not because they have issues (who doesn’t) but because they cannot recognize and properly handle a critical vulnerability report.

The details are in this Twitter thread:

· · Web · 1 · 1 · 2

@WPalant i love their blog post, it looks like just a security recommendation out of the blue. hey customers, y'all are cool and we love you all, by the way, could you please rotate your keys? no, nothing happened, why are you asking? it's just a good practice to do that is all.

@17 And later they will say: “What, bad things happened? Didn’t we tell you to rotate the keys? Your fault.”

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.