Authors: Savitha Raghunathan, Tabitha Sable, Ala Dewberry
2022-10-27

tldr - powered by Generative AI

The presentation discusses the importance of self-assessments in Kubernetes security and how it empowers autonomy. It also highlights the Cappy self-assessment and its positive outcome.
  • Self-assessments are important in determining the security posture of a workflow in a project and identifying areas for improvement
  • The Cappy self-assessment was successful and led to the creation of a sub-project in Kubernetes
  • Self-assessments empower autonomy by allowing teams to take ownership of their security posture and make improvements
  • Action items from the assessment should be captured and implemented to improve security
  • North Star goals for sub-projects should be established to guide the self-assessment process
Authors: Naadir Jeewa, Pushkar Joglekar
2022-10-26

How do a Raccoon and a bunch of Turtles find common ground? Answer: You find a Goose who makes space where both feel welcome. In this session, Pushkar Joglekar and Naadir Jeewa will talk about a multi-year collaboration where Kubernetes SIG Cluster Lifecycle, SIG Security & TAG Security came together to write the first community-driven self-assessment of a Kubernetes sub-project: Cluster API. The session will cover how it all started from the basics with data flow diagrams to understand the internals of the project, then using that to model threats and assess next steps. Next, they will discuss challenges faced doing this exercise with folks around the globe (5 countries), limited maintainer time, doing our best to avoid Zoom fatigue while trying and at times failing to be async first. Finally, they will talk about what is happening with the findings from this exercise and how they plan to apply the lessons learnt from this exercise to future self-assessments across all Kubernetes sub-projects. Come for the stories from the animal kingdom; stay for the real stories of humans bringing their best self to break some new ground in the form of community-driven security improvements!
Authors: Savitha Raghunathan, Tabitha Sable, Rey Lejano, Pushkar Joglekar
2022-05-20

SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Pushkar, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our tooling and third-party audit subgroups and information about guided security self-assessments for Kubernetes subprojects. In closing, a deep-dive into our efforts to improve security documentation through blogs, tutorials, whitepapers, and goose honking! You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there!