Last year, the Cloud Native Computing Foundation (CNCF) began performing and open sourcing third-party security audits for its projects in order to improve the overall security of our ecosystem. The idea was to start with a handful of projects and gather feedback from the CNCF community on whether this pilot program was useful. The first projects to undergo this process were CoreDNS, Envoy and Prometheus. These first public audits identified security issues ranging from general weaknesses to critical vulnerabilities. With these results, project maintainers for CoreDNS, Envoy and Prometheus have been able to address the identified vulnerabilities and add documentation to help users.

The main takeaway from these initial audits is that a public security audit is a great way to test the quality of an open source project along with its vulnerability management process and, more importantly, how resilient the project’s security practices are. It is imperative that CNCF graduated projects especially, which are used widely in production by some of the largest companies in the world, adhere to the highest levels of security best practices.