Search results for: security audit

The Notary project completes fuzzing security audit

Posted on March 21, 2023

Community post also published on the Notary blog by Adam Korczynski, David Korczynski, and Feynman Zhou. Reviewed by Pritesh Bandi, Samir Kakkar, Shiwei Zhang, Toddy Mladenov, Vani Rao, Yi Zha. The Notary Project is happy to announce the…

“A well-secured project”: Cilium security audits 2022 published

Posted on February 13, 2023 | By Liz Rice

Project post by Liz Rice, Isovalent, for the Cilium project. One of the benefits for CNCF projects is the funding of third-party security audits and testing. These help projects identify potential vulnerabilities in their code and process improvements…

Istio publishes results of 2022 security audit

Posted on January 30, 2023

Project post originally published on the Istio blog by Craig Box. Security review of Istio finds a CVE in Go standard library. Istio is a project that platform engineers trust to enforce security policy in their production Kubernetes…

Backstage security audit & updates

Posted on August 30, 2022 | By Patrik Oldsberg

Project post originally posted on the Backstage blog by Patrik Oldsberg, Spotify. TL;DR: Backstage’s security posture continues to mature! Today, we’re releasing a report from an independent security audit and the first version of the Backstage Threat Model….

Improving CNCF security posture with independent security audits

Posted on August 8, 2022 | By Amir Montazery

When Policy meets Execution. Community post by Amir Montazery, Managing Director, Open Source Technology Improvement Fund. In this blog post, we present an overview of independent audits conducted at the end of 2021 and first half of 2022….

2022 Argo external security audit: Lessons learned

Posted on July 19, 2022 | By Michael Crenshaw

Project post cross-posted from the Argo Blog by Michael Crenshaw. In early 2022, the Argo team and CNCF began work with Ada Logics to perform a security audit on the four Argo projects. Ada Logics discovered a number…

Announcing the completion of Linkerd’s 2022 Security Audit

Posted on June 28, 2022 | By William Morgan

Linkerd project cross-post by William Morgan. Today we’re happy to announce the completion of Linkerd’s annual security audit, conducted by Trail of Bits and funded by the Cloud Native Computing Foundation. As part of Linkerd’s commitment to openness, transparency, and security…

Ada Logics: CRI-O holistic security audit engagement

Posted on June 6, 2022 | By David Korczynski + Adam Korczynski

Community post originally on the Ada Logics blog by David Korczynski, Security Research & Security Engineering, and Adam Korczynski, Security Engineering & Security Automation, Ada Logics. Ada Logics Ltd. recently performed a holistic security audit of CRI-O. CRI-O is…

Flux Security Audit has concluded

Posted on November 11, 2021

Project post cross-posted from the Flux blog. As Flux is an Incubation project within the Cloud Native Computing Foundation, we were graciously granted a sponsored audit. The primary aim was to assess Flux’s fundamental security posture and to…

Open sourcing the SPIFFE/SPIRE security audit

Posted on August 17, 2021

A few years back, CNCF began performing and open sourcing third-party security audits for projects to improve the overall security of our ecosystem. These audits have helped identify security issues, from general weaknesses to critical vulnerabilities, and given…