Authors: Natalia Reka Ivanko, John Fastabend
2023-04-21

tldr - powered by Generative AI

The presentation discusses the implementation of encryption policies and observability in real-time with limited CPU and memory usage using the Tetragon framework.
  • The speaker wants to implement encryption policies and ensure observability in real-time with limited CPU and memory usage.
  • The Tetragon framework provides a way to hook into the kernel and filter data before aggregating it for export.
  • The framework allows for tracing of every process that runs in the system and provides a unique ID for each executable.
  • The unique ID and timestamp can be used to build a time series database for analysis.
  • Policies can be packaged with images and applied automatically upon deployment.

Authors: Dylen Turnbull, James Strong
2023-04-20

tldr - powered by Generative AI

The presentation discusses the process of validating vulnerabilities and implementing remediation in Kubernetes Ingress and nginx core.
  • The process of validating vulnerabilities involves a lot of back and forth conversations to determine if it is an actual vulnerability and if the fix works.
  • Allowing users to run arbitrary code is a valid configuration option, but protections need to be put in place to prevent nefarious actions.
  • The Kubernetes Ingress team is working on validating user input to prevent mounting tokens or accessing unauthorized namespaces.
  • The process of implementing remediation in nginx core involves qualifying the vulnerability, determining the threat level, and deciding on a fix.
  • The remediation process takes around two weeks and involves careful consideration to prevent any mistakes that could affect millions of websites.

Authors: Kara Yimoyines
2022-10-25

tldr - powered by Generative AI

The presentation discusses the need for an actionable user interface to address the challenges of vulnerability data and CVEs in the security space.
  • Vulnerability data alone is not enough to secure the software supply chain.
  • An actionable user interface is needed to automate remediation and understand the blast radius of CVEs.
  • A GUI can help prioritize work and alert when things go sideways.
  • The GUI should allow annotation of CVEs and weigh potential harm and risk to the business.
  • The GUI becomes the central location to collaborate and communicate with cross-functional teams.
  • The GUI should be extensible and interoperable with other tools solving adjacent problems.
  • Building accessible tools that don't require exclusive use of the terminal is important.