How the Argo Project Transitioned From Security Aware to Security First
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore how the Argo project transitioned from being security-aware to adopting a security-first approach in this 34-minute conference talk by Henrik Blixt and Michael Crenshaw from Intuit. Gain insights into the journey of an incubating CNCF project as it navigates the challenges of enhancing its security posture. Learn about the implementation of project processes for handling reported vulnerabilities, collaboration with external security companies, and the support received from the CNCF. Discover engineering best practices, including concrete implementations of SBOMs and Fuzzing. Benefit from valuable information applicable to incubating or sandbox projects aiming to improve their security stance, as well as insights relevant to any software project or product. Delve into topics such as the Argo Project background, formation of Argo SIG Security, formalizing documentation processes, and leveraging CNCF and community project resources.
Syllabus
Intro
Al-driven expert platform
We believe in open source and open collaboration
Argo Project Background
Adding Security Strategy and Posture
Having a Place to Talk
Formation of Argo SIG Security
Formalizing and Documenting Process
Engineering Best Practices - SBOMs
Engineering Best Practices - Fuzzing
CNCF/Community Project Resources
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
The A's, B's, and Four C's of Testing Cloud-Native ApplicationsLASCON via YouTube A Different Kind of S3 - First Line Security of the Supply Chain
Linux Foundation via YouTube Accountability Taxonomy for AI Software Bill of Materials
Linux Foundation via YouTube Activities in Japan and 10 Streams of OSS Security Mobilization Plan
OpenSSF via YouTube Addressing Security Issues Before Production with Docker Scout
Docker via YouTube