The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware, and the security researcher who discovers the vulnerability can be complicated. In this blog we’ll look at the vulnerability disclosure process, the parties involved and how they can collaborate productively.

If you’re among the nearly one in four professional developers using PHP (according to StackOverflow’s 2021 survey), then the maintainers of Composer would really like you to migrate from v1 of the PHP package manager to v2. On October 24 2020, Composer 2.0.0 was released with some major improvements.Since almost eight out of every ten websites on the internet use PHP in some way, that’s a change with big impact.

This is the first of many posts highlighting GitOps topics that we’ll be exploring. Within this post, we will explore Helm, a tool used for Kubernetes package management, that also provides templating. Helm provides utilities that assist Kubernetes application deployment. In order to better understand how Helm charts are mapped to Kubernetes manifests, we’ll explain more details below and how to use Helm with and without GitOps.

Testing is one of those activities that if not exhaustive will not have its complete impact on your software development process. Oftentimes developers are only concerned about testing the application layer of the system (a.k.a the codebase) and ignore testing the data layer (the database) which is also as important as testing the code itself.

Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage.

Today is CircleCI’s 10-year anniversary. I sent the whole staff an email that captures the sentiment of this important moment and I wanted to share it with you here. It offers a glimpse into what we’ve accomplished as an organization in the last decade and how much more we’ll accomplish in the decades to come.

If you maintain a Ruby gem, you are definitely familiar with the recurring manual tasks surrounding the release of a new version. After doing this for a while, you inevitably start thinking that some of these steps could be automated. They can! With a few lines of code, you can bring the amazing world of continuous delivery to your project and increase the reliability of the whole process while freeing up some of your time. Double win!

We’re delighted to thank the Conan community on reaching a major milestone, the public contribution of over 1,000 Conan recipes to Conan Center, the repository for hosting C/C++ packages! Conan recipes are Python-language files that describe how a Conan package is consumed. Each recipe is used to produce hundreds of C/C++packages, so this is an achievement with huge community impact.

Today we’re sharing findings from The Total Economic Impact™ Of CircleCI, a commissioned study conducted by Forrester Consulting on behalf of CircleCI. The study revealed that CircleCI delivered a 664% return on investment (ROI) over a three-year period and highlighted that our platform increased developer productivity by 10%. This results in a greater efficiency value of more than $4.3 million, enabling organizations to increase engineering velocity that drives business success.