Explore how the Argo project transitioned from being security-aware to adopting a security-first approach in this 34-minute conference talk by Henrik Blixt and Michael Crenshaw from Intuit. Gain insights into the journey of an incubating CNCF project as it navigates the challenges of enhancing its security posture. Learn about the implementation of project processes for handling reported vulnerabilities, collaboration with external security companies, and the support received from the CNCF. Discover engineering best practices, including concrete implementations of SBOMs and Fuzzing. Benefit from valuable information applicable to incubating or sandbox projects aiming to improve their security stance, as well as insights relevant to any software project or product. Delve into topics such as the Argo Project background, formation of Argo SIG Security, formalizing documentation processes, and leveraging CNCF and community project resources.
How the Argo Project Transitioned From Security Aware to Security First
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Al-driven expert platform
We believe in open source and open collaboration
Argo Project Background
Adding Security Strategy and Posture
Having a Place to Talk
Formation of Argo SIG Security
Formalizing and Documenting Process
Engineering Best Practices - SBOMs
Engineering Best Practices - Fuzzing
CNCF/Community Project Resources
Taught by
CNCF [Cloud Native Computing Foundation]
