|
| 1 | +--- |
| 2 | +title: "Trust by Default" |
| 3 | +description: "Why teams trust Apache Camel in production: a predictable, near-monthly release cadence with long term support, security vulnerabilities fixed proactively and disclosed openly through the Apache process, and a vendor-neutral community. In production since 2007 at UPS, CERN, SAP, banks, governments, and healthcare providers worldwide." |
| 4 | +keywords: |
| 5 | +- apache camel |
| 6 | +- trust |
| 7 | +- security |
| 8 | +- release cadence |
| 9 | +- long term support |
| 10 | +- LTS |
| 11 | +- CVE |
| 12 | +- responsible disclosure |
| 13 | +- open source governance |
| 14 | +- apache software foundation |
| 15 | +- enterprise integration |
| 16 | +- production |
| 17 | +--- |
| 18 | + |
| 19 | +Apache Camel has been running in production since 2007. Some of the largest organizations in |
| 20 | +the world (banks, airlines, hospitals, government agencies, and Fortune 10 companies) route |
| 21 | +business-critical traffic through Camel every second of every day. |
| 22 | + |
| 23 | +That kind of reliance has to be earned, and it cannot be claimed with a logo or a badge. We earn |
| 24 | +it the same way on every release: in the open, on a predictable schedule, with security handled |
| 25 | +transparently, and as a community that answers to no single vendor. Everything below is a matter |
| 26 | +of public record: you do not have to take our word for any of it. That is what *trust by |
| 27 | +default* means for Apache Camel. |
| 28 | + |
| 29 | +{{< div "box" >}} |
| 30 | + |
| 31 | +<a href="/download/" class="icon" title="Releases and Long Term Support">{{< icon "download" "Down arrow" >}}</a> |
| 32 | + |
| 33 | +{{< div "content" >}} |
| 34 | + |
| 35 | +## A predictable release cadence |
| 36 | + |
| 37 | +Camel ships a new release almost every month, so fixes and improvements reach you in weeks rather |
| 38 | +than years. Designated **Long Term Support (LTS)** releases receive bug and security fixes for up |
| 39 | +to a year, giving you a stable target you can plan around. We treat backward compatibility as a |
| 40 | +feature: the rare breaking change is always documented in the |
| 41 | +[Migration and Upgrade](/manual/migration-and-upgrade.html) guide, so an upgrade never holds a |
| 42 | +surprise. |
| 43 | + |
| 44 | +<p> |
| 45 | +<a class="button dark" href="/download/">See the releases</a> |
| 46 | +</p> |
| 47 | + |
| 48 | +{{< /div >}} |
| 49 | + |
| 50 | +{{< /div >}} |
| 51 | + |
| 52 | +{{< div "box" >}} |
| 53 | + |
| 54 | +<a href="/security/" class="icon" title="Security advisories and the Camel security model">{{< icon "security" "Padlock" >}}</a> |
| 55 | + |
| 56 | +{{< div "content" >}} |
| 57 | + |
| 58 | +## Security handled in the open |
| 59 | + |
| 60 | +Every reported vulnerability is handled through the Apache Software Foundation's coordinated |
| 61 | +disclosure process and published as a full, PGP-signed advisory, an unbroken public track record |
| 62 | +that goes back to 2013. A canonical [Security Model](/manual/security-model.html) documents |
| 63 | +exactly where the trust boundaries sit and what is in or out of scope, fixes are delivered across |
| 64 | +every supported LTS line, and we proactively review and harden the framework rather than wait for |
| 65 | +someone else to find the problem. |
| 66 | + |
| 67 | +<p> |
| 68 | +<a class="button dark" href="/security/">Security & advisories</a> |
| 69 | +</p> |
| 70 | + |
| 71 | +{{< /div >}} |
| 72 | + |
| 73 | +{{< /div >}} |
| 74 | + |
| 75 | +{{< div "box" >}} |
| 76 | + |
| 77 | +<a href="/community/" class="icon" title="The Apache Camel community">{{< icon "community" "People" >}}</a> |
| 78 | + |
| 79 | +{{< div "content" >}} |
| 80 | + |
| 81 | +## A vendor-neutral community |
| 82 | + |
| 83 | +Camel is an Apache Software Foundation project, governed by a meritocratic community under the |
| 84 | +ASF's open and vendor-neutral model. No single company controls its roadmap, and no one can take |
| 85 | +it away from you. Development happens entirely in the open on public mailing lists and chat, and |
| 86 | +anyone is free to read the code, propose a change, review a release, or verify a fix for |
| 87 | +themselves. |
| 88 | + |
| 89 | +<p> |
| 90 | +<a class="button dark" href="/community/">Meet the community</a> |
| 91 | +</p> |
| 92 | + |
| 93 | +{{< /div >}} |
| 94 | + |
| 95 | +{{< /div >}} |
| 96 | + |
| 97 | +{{< div "box" >}} |
| 98 | + |
| 99 | +<a href="/community/user-stories/" class="icon" title="Who uses Apache Camel">{{< icon "user-stories" "Person talking" >}}</a> |
| 100 | + |
| 101 | +{{< div "content" >}} |
| 102 | + |
| 103 | +## Proven in production |
| 104 | + |
| 105 | +More than 100 known organizations run Apache Camel in production: UPS processing tens of billions |
| 106 | +of messages a day, CERN, SAP's Integration Suite, alongside banks, airlines, healthcare providers, |
| 107 | +and national governments across six continents. Commercial platforms from Red Hat, SAP, and others |
| 108 | +are built directly on Camel. |
| 109 | + |
| 110 | +<p> |
| 111 | +<a class="button dark" href="/community/user-stories/">Who uses Camel</a> |
| 112 | +</p> |
| 113 | + |
| 114 | +{{< /div >}} |
| 115 | + |
| 116 | +{{< /div >}} |
| 117 | + |
| 118 | +Trust is not a feeling. It is a record. Camel's is public and unbroken: every release, every |
| 119 | +advisory, and every line of code is out in the open for you to check. |
0 commit comments