Last year, the Cloud Native Computing Foundation (CNCF) began the process of performing and open sourcing third-party security audits for its projects in order to improve the overall security of our ecosystem. The idea was to start with a handful of projects and gather feedback from the CNCF community as to whether or not this pilot program was useful. The first projects to undergo this process were CoreDNS, Envoy and Prometheus. These first public audits identified security issues from general weaknesses to critical vulnerabilities. With these results, project maintainers for CoreDNS, Envoy and Prometheus have been able to address the identified vulnerabilities and add documentation to help users. The main takeaway from these initial audits is that a public security audit is a great way to test the quality of an open source project along with its vulnerability management process and more importantly, how resilient the open source project’s security practices are. With CNCF graduated projects especially, which are used widely in production by some of the largest companies in the world, it is imperative that they adhere to the highest levels of security best practices.