Search results for: security audit


CloudNativeSecurityCon 2023: 3 key areas to watch

Posted on January 17, 2023 | By Chris Aniszczyk

If the past couple of years taught us anything, it’s the importance of security in cloud native and open source environments. The fallout of vulnerabilities like Log4j even reached the U.S. Federal Government with the Executive Order on…


The Cutting Edge Schedule for CloudNativeSecurityCon 2023 is Now Available

Posted on December 14, 2022

First-time standalone conference will highlight cloud native security projects and best practices for handling the security challenges organizations are facing today. SAN FRANCISCO, Calif. – December 14, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable…


The 2-minute test for Kubernetes Pod security

Posted on September 6, 2022 | By Jim Bugwadia

Project post originally published on DZone by Jim Bugwadia. Learn how to audit your clusters for compliance with the latest Kubernetes Pod Security Standards without installing anything in the cluster. In this post, I will show you how…


KubeEdge releases the first Cloud Native Edge Computing Threat Model and Security Protection Analysis paper

Posted on July 27, 2022

Project post by KubeEdge maintainers. The security of cloud native edge computing has been of concern to many users. It was difficult for users to perform effective security hardening on their edge systems due to no security threat…


Improving Security by Fuzzing the CNCF landscape

Posted on June 28, 2022 | By Chris Aniszczyk + Adam Korczynski + David Korczynski

By Chris Aniszczyk (CNCF), Adam Korczynski (Ada Logics), David Korczynski (Ada Logics). In this blog post we present an overview of the state of fuzzing across CNCF projects. This is based on efforts and work that CNCF has…


Efficient GRC with cybersecurity tooling

Posted on June 27, 2022 | By Iwan Price-Evans

Guest post originally published on the Snapt blog by Iwan Price-Evans. “Governance, risk, and compliance” (GRC) might be dirty words for many people working in application development and delivery. Strict rules and processes can be obstacles to innovation…


Know your cloud security acronyms: CWPP, CSPM, CIEM and CNAPP

Posted on June 13, 2022

Guest post originally published on the Orca Security blog by Ty Murphy and Sarah Smith. Acronyms help communicate lengthy phrases, but they can sometimes be confusing. This is especially true in the security industry, which has an alphabet…


How to security harden Kubernetes in 2022

Posted on June 7, 2022 | By Elastisys team

Guest post originally published on the Elastisys blog by the Elastisys team. The NSA/CISA guidelines summarized, with Elastisys hands-on advice and real-world recommendations. Kubernetes is now the most popular container orchestration platform. Practically gone are the Mesoses and Docker…


Introduction to the Cloud Native Security Controls Catalog

Posted on June 7, 2022

Community post by Jon Zeolla, CTO and Co-Founder of Seiso. The CNCF Security Technical Advisory Group (“Security TAG”) has provided a wealth of information to assist organizations in the planning and design of secure cloud native systems, including…


OSTIF’s audit of CRI-O is complete – high severity issues found and fixed

Posted on June 6, 2022 | By OSTIF

Community post originally published on the OSTIF blog. Open Source Technology Improvement Fund is thrilled to report the results of a security audit of CRI-O. CRI-O is an open source software (OSS) project that is an implementation of the Kubernetes Container Runtime Interface. It…