The CNCF engaged two security firms, Trail of Bits and Atredis Partners, to poke around Kubernetes code over the course of four months. The companies looked at Kubernetes components involved in networking, cryptography, authentication, authorization, secrets…
TOC approves CNCF SIGs and creates security and storage SIGs
Earlier this year, the Technical Oversight Committee (TOC) voted to create CNCF Special Interest Groups (SIGs). CNCF SIGs are currently being bootstrapped in various focus areas and primarily led by recognized experts and supported by contributors. They…
Kubernetes in highly restrictive environments: meeting the needs of enterprise governance & security
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t. Oleg will outline a plan to use the technology while meeting enterprise security requirements. In this technically-focused talk, he’ll summarize…
9 Kubernetes security best practices everyone must follow
By Connor Gilbert, product manager at StackRox Last month, the Kubernetes ecosystem was shaken by the discovery of the first major security flaw in Kubernetes, the world’s most popular container orchestrator. The vulnerability – CVE-2018-1002105 –…
CNCF to host two security projects – Notary and TUF specification
Riyaz Faizullabhoy, Docker Security Engineer, today announced on stage at Open Source Summit Europe, that the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) has voted Notary in as our 13th hosted project and TUF…
Protecting NATS and the integrity of open source: CNCF’s commitment to the community
When a company contributes a project to the Cloud Native Computing Foundation (CNCF), it’s not just sharing code—it’s making a commitment to the open source community. It’s a pledge to uphold open collaboration, shared community ownership,…
Notary Project announces Notation v1.3.0 and tspclient-go v1.0.0!
The Notary Project maintainers are thrilled to announce the latest releases, including notation v1.3.0, notation-go v1.3.0, notation-core-go v1.2.0 and tspclient-go v1.0.0! These new versions are production ready and have successfully completed a comprehensive security audit. Check…
Cloud Native Computing Foundation Announces CubeFS Graduation
Open source distributed storage system is used by 200+ organizations storing 350 petabytes of data SAN FRANCISCO, Calif. – January 21, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native…
Fuzzing the CNCF landscape in 2024
By Chris Aniszczyk (CNCF), Adam Korczynski (Ada Logics), David Korczynski (Ada Logics) CNCF maintains a high level of security for its projects by way of a series of initiatives such as security auditing, supply-chain assessments and…
Cloud Native Computing Foundation Announces cert-manager Graduation
Open source security project automates highly secure, encrypted data communications in cloud native environments SALT LAKE CITY, Utah – KubeCon + CloudNativeCon North America – November 12, 2024 – The Cloud Native Computing Foundation® (CNCF®), which…