Trust No System: The Unsettling Reality of Zero Trust

Explore the unsettling reality of zero trust in cloud-native security through this provocative keynote address. Challenge conventional wisdom surrounding trust and software security, understanding that trust is a decision made by the observer rather than an intrinsic property of a system. Dive into cloud-native security fallacies and misconceptions, debunking the myth of "trustworthy" systems with real-world examples of catastrophic failures. Examine the implications for developers, operators, and businesses, emphasizing the need for continuous vigilance and validation in security practices. Discover actionable strategies for managing trust in cloud-native environments, including embracing chaos engineering, implementing comprehensive auditing and monitoring, and fostering a skeptical mindset. Reconsider your approach to trust in the cloud and gain insights into the true nature of software security in this thought-provoking 16-minute presentation by Frederick Kautz, Steering Committee Member of SPIFFE/SPIRE.