YoVDO

Keeping Up with CVEs: Finding Needles in Haystacks - Practical Vulnerability Assessment

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Vulnerability Management Courses, Kubernetes Courses, Container Security Courses, Security Automation Courses, Release Engineering Courses, Cloud-Native Security Courses

Course Description

Overview

Explore the challenges and solutions in vulnerability management for container images in this conference talk. Learn how vulnerability scanners work, their limitations, and practical approaches to assess product security beyond raw vulnerability numbers. Discover strategies for implementing effective vulnerability management using Kubernetes images as an example. Gain insights into reducing false positives, focusing on code execution paths, and creating automated processes for vulnerability detection. Understand the complexities of container images and how to balance security concerns with practical solutions that allow engineers to work efficiently.

Syllabus

Introduction
Welcome
Why is the graph looking like this
Example
Vulnerability Scanner
Vulnerability Analysis
Image Scanners
Vulnerability Impact
Kubernetes
Release Engineering
Kubernetes Enhancement Proposal
Distroless
Base
Bash Static
QProxy
Not a perfect solution
Container images are complex
Imperfect solutions have benefits
Reduce churn
Vulnerability detection
How Kubernetes maintainers feel
Focus on code execution path
Give engineers breathing space
Create a list of images
Automated jobs
Questions


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Introduction to Cloud Infrastructure Technologies (Linux Foundation via edX)
Scalable Microservices with Kubernetes (Google via Udacity)
Google Cloud Fundamentals: Core Infrastructure (Google via Coursera)
Introduction to Kubernetes (Linux Foundation via edX)
Fundamentals of Containers, Kubernetes, and Red Hat OpenShift (Red Hat via edX)