Unpacking Open Source Security in Public Repositories and Registries
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the security landscape of open source projects and public registries in this 34-minute conference talk by Ben Hirschberg from ARMO. Dive into groundbreaking research that scans popular open source projects like Grafana, Prometheus, Lens, Helm, and ArgoCD, as well as public registries such as DockerHub, Quay, GCR, and ECR. Discover how these widely-used resources measure up against common compliance frameworks including CIS, MITRE ATT&CKĀ®, NIST, and NSA-CISA. Gain insights into prevalent misconfigurations, the impact of well-known CVEs (exemplified through Log4J), and critical red flags to watch out for when utilizing public resources. Conclude with a comprehensive risk analysis and scoring of these resources, highlighting key security concerns and providing best practices to safeguard your systems and operations in the ever-evolving container ecosystem.
Syllabus
Unpacking Open Source Security in Public Repos & Registries - Ben Hirschberg, ARMO
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network