December 20, 2019

196 words 1 min read

The Devil in the Details: Kubernetes First Security Assessment

The Devil in the Details: Kubernetes First Security Assessment

In October of last year, the Kubernetes project created a new Security Audit working group and began Kubernetes first comprehensive third-party security assessment. In the months that followed, we wo …

Talk Title The Devil in the Details: Kubernetes First Security Assessment
Speakers Aaron Small (Product Manager, Google), Jay Beale (CTO, InGuardians)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location San Diego, CA, USA
Date Nov 15-21, 2019
URL Talk Page
Slides Talk Slides
Video

In October of last year, the Kubernetes project created a new Security Audit working group and began Kubernetes’ first comprehensive third-party security assessment. In the months that followed, we worked closely with Trail of Bits and Atredis Partners to assess and improve Kubernetes’ security posture.  Through code review and penetration testing, we found and addressed 37 new vulnerabilities.  With support from many Kubernetes contributors, the third party security firms and Kubernetes project produced a formal threat model covering eight critical components across six different trust zones.  In this talk, we will share our findings, methodology, and vision for future security investments.  We’ll discuss what the work uncovered, and what this means to Kubernetes security both now and for the future.

comments powered by Disqus