How the Argo Project Transitioned From Security Aware to Security First
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore how the Argo project transitioned from being security-aware to adopting a security-first approach in this 34-minute conference talk by Henrik Blixt and Michael Crenshaw from Intuit. Gain insights into the journey of an incubating CNCF project as it navigates the challenges of enhancing its security posture. Learn about the implementation of project processes for handling reported vulnerabilities, collaboration with external security companies, and the support received from the CNCF. Discover engineering best practices, including concrete implementations of SBOMs and Fuzzing. Benefit from valuable information applicable to incubating or sandbox projects aiming to improve their security stance, as well as insights relevant to any software project or product. Delve into topics such as the Argo Project background, formation of Argo SIG Security, formalizing documentation processes, and leveraging CNCF and community project resources.
Syllabus
Intro
Al-driven expert platform
We believe in open source and open collaboration
Argo Project Background
Adding Security Strategy and Posture
Having a Place to Talk
Formation of Argo SIG Security
Formalizing and Documenting Process
Engineering Best Practices - SBOMs
Engineering Best Practices - Fuzzing
CNCF/Community Project Resources
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Target Rich Cyber PoorBSidesLV via YouTube The A's, B's, and Four C's of Testing Cloud-Native Applications
LASCON via YouTube SBOM Challenges and How to Fix Them
BSidesLV via YouTube The Case for Software Bill of Materials
BSidesLV via YouTube Collaborating to Improve Open Source Security - How the Ecosystem Is Stepping Up
RSA Conference via YouTube