🦝 TAG Security Cloud Native Security Whitepapers Overview

The presentation discusses the Cloud Native Computing Foundation's (CNCF) Technical Advisory Group (TAG) Security and its efforts to improve security in the cloud native world through publications, in-person collaborations, and project assessments.

• CNCF's TAG Security aims to improve security in the cloud native world through various efforts
• Publications such as white papers and frameworks are available to the public
• In-person collaborations with projects and communities are done to provide education and partnership
• Project assessments are conducted to help projects move up in the CNCF landscape
• CNCF's TAG Security also assists projects in graduating through CNCF levels
• A supply chain security survey is being conducted to understand how to improve supply chain security

One way people can contribute to open source is by doing simple things such as fixing grammar or spelling mistakes in white papers. This is valuable and encourages people to get involved in open source projects. Additionally, the audio version of the white paper is split into sections and different people can read and record different sections, making it accessible to those who do not have time to read. Projects also present at meetings, allowing for feedback and collaboration to improve security posture.

There are many aspects of Cloud Native Security, and it can be daunting to approach. To help security practitioners understand cloud native security, TAG security has published multiple whitepapers and reference architectures to help provide context on securing cloud native infrastructure. In this talk, we will go through what’s out there and coming up, including the Cloud Native Security Whitepaper, Supply Chain Security best practices and reference architecture, Zero Knowledge whitepaper as well as the Cloud Native Security Controls mapping. We hope that this session will lighten the pathways into cloud native security for all