Building robust systems involves designing for failure. As Site Reliability Engineers at GitHub, we’re always on the lookout for places where redundancy can help to mitigate problems, and today we’ll be talking about steps we’ve recently taken to shore up how you locate our servers via DNS.

In February, we shipped the “Recover Accounts Elsewhere” feature to help people regain access to their accounts if they lose access to their two-factor device or token. It is an implementation of the Delegated Account Recovery specification published by Facebook.

We are glad we chose Markdown as the markup language for user content at GitHub. It provides a powerful yet straightforward way for users (both technical and non-technical) to write plain text documents that can be rendered richly as HTML.

Cryptographic standards are ever evolving. It is the canonical game of security cat and mouse, with attacks rendering older standards ill-suited, and driving the community to develop newer and stronger standards to take their place. There have been a number of cryptographic attacks over the past of couple of years. These include, but are not limited to, attacks such as POODLE and Logjam . And, while there have been workarounds for some of these attacks, they demonstrated that several cryptographic standards in wide deployment are showing their age and should be retired. As a result, GitHub is announcing the immediate deprecation, and eventual disablement, of our use of the following cryptographic standards:

Last month, we announced the third anniversary of our Bug Bounty Program. While there’s still time to disclose your findings through the program, we wanted to pull back the curtain and give you a glimpse into how GitHub’s Application Security team triages and runs it.