Explore the intricacies of CNCF security audits in this informative conference talk by Adam Korczynski and David Korczynski from Ada Logics. Gain insights into the graduation requirements for CNCF projects, including the mandatory third-party security audit process. Discover the behind-the-scenes progression of security audits, project expectations, and outcomes based on the speakers' extensive experience auditing six CNCF projects: Flux, CRI-O, KubeEdge, Argo, Istio, and Cilium. Learn about common vulnerabilities found during audits, mitigation strategies, and the importance of publishing results publicly. Understand how audit reports benefit contributors, adopters, and security researchers looking to enhance project security. Delve into both high-level problems and technical security issues faced by CNCF projects, providing a comprehensive overview of the security landscape in cloud-native computing.
Overview
Syllabus
A Look Under the Hood of CNCF Security Audits - Adam Korczynski & David Korczynski, Ada Logics
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Fuzzing the CNCF Landscape - Challenges and Results
-
The State of Vulnerability in Cloud Native Security
-
The Quest for CNCF Ecosystem Security
-
How the Argo Project Transitioned From Security Aware to Security First
-
Improving Posture of Critical OSS Projects with Security Audits
-
Security TAG Closing - Highlights and Future Work
