Open Sourcing The Kubernetes Security Audit

Last year, the Cloud Native Computing Foundation (CNCF) began the process of performing and open sourcing third-party security audits for its projects in order to improve the overall security of our ecosystem. The idea was to start with a handful of projects and gather feedback from the CNCF community as to whether or not this pilot program was useful. The first projects to undergo this process were CoreDNS, Envoy and Prometheus. These first public audits identified security issues from general weaknesses to critical vulnerabilities. With these results, project maintainers for CoreDNS, Envoy and Prometheus have been able to address the identified vulnerabilities and add documentation to help users.

The main takeaway from these initial audits is that a public security audit is a great way to test the quality of an open source project along with its vulnerability management process and, more importantly, how resilient the open source project’s security practices are. With CNCF graduated projects especially, which are used widely in production by some of the largest companies in the world, it is imperative that they adhere to the highest levels of security best practice.
