Establishing Container Trust at Scale [I]
Talk Title | Establishing Container Trust at Scale [I] |
Speakers | Tim Mackey (Senior Technical Evangelist, Black Duck by Synopsys) |
Conference | KubeCon + CloudNativeCon North America |
Location | Austin, TX, United States |
Date | Dec 4-8, 2017 |
URL | Talk Page |
Slides | Talk Slides |
Quantifying risks in a container image is a critical aspect of production deployments. With orchestration clusters supporting thousands of nodes, any risk assessment solution must work at production scale. Once a trusted image is deemed vulnerable, application risk increases, but which applications are impacted, and how far has trust been broken? Trust is established through best practices including the use of trusted image registries, static code analysis, fuzzing, strong perimeter defenses and deployment controls. Unfortunately, this trust model omits information flow. Malicious actors succeed when applications are most vulnerable. When devising action plans in response to security disclosures, defenders must quickly assess both the impact and scope of the disclosure. This time to remediation requires accurate and actionable vulnerability assessments as applications are created, deployed and scaled. Enhancing security information flow accelerates risk mitigation at production scale.