Conference:  Defcon 31
Authors: RenderMan His Holiness, Pope of the Church of Wifi, Thomas Dang
2023-08-01

Post 9/11, the phrase “If you see something, say something” became ubiquitous. If you saw something of concern, better to report something that was nothing than let something bad happen. Problem is, no one let the authorities know that they should apply this to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone. Lack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old-fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved. This talk will cover the presenters' personal experiences with poorly written or missing vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes.
Authors: Ben Hirschberg
2023-04-20

tldr - powered by Generative AI

The presentation discusses an innovative approach to securing Kubernetes clusters using behavior analysis during continuous integration testing and generating native policies based on behavior. The focus is on leveraging continuous behavioral analysis to replace tedious manual policy definitions and the importance of native policies to enforce security policies directly within Kubernetes without relying on third-party tools.
  • Continuous behavioral analysis can replace manual policy definitions
  • Native policies allow for direct enforcement of security policies within Kubernetes
  • Hands-on practices for implementing this approach are covered
  • The presentation emphasizes the importance of leveraging innovative approaches to security in Kubernetes clusters
Authors: Jim Bugwadia, Frank Jogeleit
2023-04-19

tldr - powered by Generative AI

The Policy Working Group in Kubernetes is focused on promoting the policy report API, completing the GRC paper, and discussing compliance mapping. They are also updating the Kubernetes policy page.
  • The Policy Working Group is promoting the policy report API to be standardized and used by different tools and projects.
  • They are completing the GRC paper to map policies into other business functions and exploring how policies can be used for operations automation and cost management.
  • The group is discussing compliance mapping to automate compliance assessments and move from manual to continuous compliance.
  • They are updating the Kubernetes policy page to make it more helpful.
  • The group meets every second Wednesday at 9:00 am Pacific time.
Authors: Jim Bugwadia, Jayashree Ramanathan, Anca Sailer, Robert Ficcaglia
2022-10-27

Kubernetes policies can help simplify management, particularly of multiple clusters, scale Day 2 operations, and automate security, resiliency and software engineering concerns, thereby optimizing cost of operations. Policies also serve as the building block to help enforce multi-cluster governance and deliver continuous compliance and readiness for audits. The Kubernetes Policy Working Group (WG) focuses on defining overall architecture recommendations and guidance on both current policy-related implementations and future policy-related proposals in Kubernetes. Join this session to find out about the working group's current and upcoming projects, and also learn how you can get involved to learn and contribute.
Authors: Jim Bugwadia, Aradhna Chetal, Jayashree Ramanathan, Robert Ficcaglia
2021-10-13

tldr - powered by Generative AI

The conference presentation discusses the importance of policy-based governance and automation in improving security and operational efficiency in Kubernetes.
  • Customers need a policy management system that is multi-cluster and oriented towards splitting clusters into different application teams.
  • Existing IT operational processes and tools should be combined with policy-based governance to achieve automated governance.
  • Policy-based operations are becoming increasingly important in Kubernetes, especially for securing it and achieving compliance.
  • Policy management is a configuration management problem that can help achieve desired configuration state for every control at every layer of the software stack.
  • Customers are starting to convert homegrown scripts into policies and apply policy management techniques to automate security controls.