
Authors: Pushkar Joglekar
2021-10-14

tldr - powered by Generative AI

The talk discusses the problem of managing vulnerabilities in Kubernetes container images and proposes a practical approach that assesses product security by risk rather than by raw vulnerability counts.
  • Kubernetes end users often rely on image scanning to manage vulnerabilities, but scanning alone may not be effective at reducing the number of vulnerabilities.
  • The focus should be on understanding the impact of each vulnerability and on removing unnecessary components from container images.
  • The Kubernetes project manages vulnerabilities by reducing image churn and removing unnecessary components through the use of distroless base images.
  • Distroless base images reduce the attack surface and simplify vulnerability management.
  • The speaker shares a fictional anecdote of a CISO's frustration with the high number of vulnerabilities detected in container images.
  • The talk emphasizes the importance of understanding risk posture and threat models when assessing product security.
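As an added illustration of the distroless approach the summary describes (this is not code from the talk or from the Kubernetes project), the multi-stage Dockerfile below builds a statically linked Go binary in a full toolchain image and then copies only that binary into a distroless base image. The application path `./cmd/server` and the binary name `server` are assumed placeholders; the base image tags are public Google distroless and official Go images.

```dockerfile
# Stage 1: build in an image that carries the full toolchain.
# Nothing from this stage except the compiled binary reaches the final image.
FROM golang:1.22 AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 yields a static binary, so the runtime image needs no libc.
# -trimpath and -ldflags "-s -w" drop build paths and debug symbols.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" \
    -o /out/server ./cmd/server   # ./cmd/server is an assumed app path

# Stage 2: distroless runtime. No shell, no package manager, no OS packages
# beyond CA certificates and tzdata, so a scanner has almost nothing to flag
# and an attacker who lands in the container has no tools to work with.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/server /server
# Runs as the image's built-in unprivileged user (uid 65532).
USER nonroot:nonroot
ENTRYPOINT ["/server"]
```

Rebuilding the final stage from the same distroless tag keeps image churn low: the only layer that changes between releases is the application binary, so the set of scanner findings stays small and each remaining finding can be assessed on its actual impact rather than counted.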