If the past couple of years taught us anything, it’s the importance of security in cloud native and open source environments. The fallout of vulnerabilities like Log4j even reached the U.S. Federal Government with the Executive Order on improving cybersecurity and the subsequent Securing Open Source Software Act and OpenSSF Open Source Software Mobility Plan.

Organizations are no longer questioning whether or not to move to the cloud but are looking for the quickest and most efficient way to do so. And security too often gets overlooked in these transitions and upgrades. Because of this and the rise of open source software usage everywhere, we will likely see another large open source security issue in 2023, it’s only a matter of when. Now is a great time to come together as a community to ensure we are prepared – so join us February 1-2 in Seattle, Washington, for CloudNativeSecurityCon North America 2023.

Here are a few topics that will be important in 2023 and beyond and some of the CloudNativeSecurityCon sessions where you can learn more.


eBPF allows organizations to write custom code to run in the kernel. By making the Linux kernel programmable, eBPF has introduced a new generation of cloud native tooling in areas such as networking, observability, and security. Many CNCF projects, including Cillium, Falco, and Pixie, have been designed to bring the advantages of eBPF to cloud native, while others, like Istio, are being redesigned to include eBPF tooling. eBPF can improve cloud native security in several ways. Cillium, for instance, can help provide more visibility into container workloads, while Falco provides a behavioral activity monitor designed to detect anomalous activity in container runtimes.  

CloudNativeSecurityCon sessions on eBPF:

Software Bill of Materials (SBOM)  

The concept of an SBOM is relatively straightforward – it provides a list of components in a piece of software and has long been used in traditional manufacturing as part of supply chain management. In practice, it offers a lot of benefits, including security alerts for dependencies and a more complete view of the origin of artifacts and the software supply chain. 

SBOMs are becoming more common in cloud native in part due to the recent White House Executive Order, and they will continue to be an essential part of software supply chain security. Kubernetes has already adopted SBOMs and produces them as part of builds and releases. Most CNCF projects will soon do the same.

CloudNativeSecurityCon sessions on SBOMs:

Security Education and Training

Our 2022 Cloud Native Security Microsurvey found that organizations’ biggest security challenges in running cloud native environments are: a lack of technical expertise and trouble matching new methods and processes like DevOps and CI/CD with existing requirements, tools, and processes. 

At CNCF, we’ve taken steps to address these gaps, including making our projects inherently more secure with third-party security audits and fuzzing and with education and training, including the Certified Kubernetes Security Specialist (CKS) and Kubernetes Security Essentials course. You can expect more to come in 2023.  

There is a clear need for people to become more versed in security practices – and what better place to do so than CloudNativeSecurityCon? The event will feature a 101 track, talks on education and teaming, and hands-on tutorials.

CloudNativeSecurityCon sessions and tutorials on education, training, and teaming:

For the complete CloudNativeSecurityCon 2023 program, please visit the schedule.

Register now for CloudNativeSecurityCon North America. Those who cannot attend in person can register for the complimentary keynote livestream, which will take place 8:55-10:30 AM PST on February 1st and 2nd.