A Look Under the Hood of CNCF Security Audits

Explore the intricacies of CNCF security audits in this informative conference talk by Adam Korczynski and David Korczynski from Ada Logics. Gain insights into the graduation requirements for CNCF projects, including the mandatory third-party security audit process. Discover the behind-the-scenes progression of security audits, project expectations, and outcomes based on the speakers' extensive experience auditing six CNCF projects: Flux, CRI-O, KubeEdge, Argo, Istio, and Cilium. Learn about common vulnerabilities found during audits, mitigation strategies, and the importance of publishing results publicly. Understand how audit reports benefit contributors, adopters, and security researchers looking to enhance project security. Delve into both high-level problems and technical security issues faced by CNCF projects, providing a comprehensive overview of the security landscape in cloud-native computing.

A Look Under the Hood of CNCF Security Audits - Adam Korczynski & David Korczynski, Ada Logics