Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Kevin Ward
2022-05-19
tldr - powered by Generative AI
The presentation discusses the importance of securing Kubernetes operators and suggests using a pipeline and static analyzer to detect vulnerabilities.
- Operators are automated runbooks that can pose security risks if not properly secured
- Bad Robot is a tool that can scan operator manifests for vulnerabilities
- Developers should be explicit about the permissions and resources an operator can access
- Restricting an operator to specific namespaces and resources can improve security
- A pipeline and static analyzer can help detect vulnerabilities in operators
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Silvia Pina
2022-05-17
tldr - powered by Generative AI
The talk argues against using the term 'human error' in classifying the reasons behind incidents and advocates for a blameless culture to achieve reliable and secure systems. It proposes looking at how highly resilient organizations handle the human component of failures from a systems thinking and organizational psychology standpoint.
- The term 'human error' is outdated and should be avoided in classifying the reasons behind incidents
- A blameless culture is key to achieving reliable and secure systems
- Highly resilient organizations focus on identifying all possible warning signs and maintaining a global view of all operations to prevent failures
- When a failure does occur, it is seen as a learning opportunity to improve how the organization works
- Building resilience to failure involves helping people cope with complexity under pressure and maintaining mindfulness or awareness at an organizational level