The State of Vulnerability in Cloud Native Security

Explore the state of vulnerability in cloud native security through this comprehensive conference talk. Analyze research results from cloud native tools security audits and publicly reported vulnerabilities across various projects like Kubernetes, Helm, etcd, gRPC, and CodeDNS up to July 2021. Gain insights into the most common issues and critical risks associated with these tools, understand their root causes, and learn strategies to prevent future occurrences. Discover the importance of raising awareness about the risks of using these projects in organizational environments. Access a detailed PDF report containing all data and findings upon presentation conclusion. Delve into topics such as CNCF security audits, vulnerability analysis methodology, project-specific vulnerabilities, top 10 affected projects, vulnerability classes, severity levels, open-source security dependencies, and associated risks. Receive valuable recommendations for CNCF and explore next steps in improving cloud native security.

Intro
Disclaimer
Awesome K8s Security List
Project Idea
CNCF Security Audits
The State of Vulnerability - Methodol
The State of Vulnerability - Analysis
The State of Vulnerability - Results
The State of Vulnerability - Projects
The Top 10 Projects Projects
The State of Vulnerability - Vuln Classe
The State of Vulnerability - Severity
Open Source Security - Dependencies
Vulnerability Risks
Recommendations for CNCF
Next Steps