Announcing the completion of Linkerd’s 2022 Security Audit
Linkerd project cross-post by William Morgan. Today we’re happy to announce the completion of Linkerd’s annual security audit, conducted by Trail of Bits and funded by the Cloud Native Computing Foundation. As part of Linkerd’s commitment to openness, transparency,…
Ada Logics: CRI-O holistic security audit engagement
Community post originally on the Ada Logics blog by David Korczynski, Security Research & Security Engineering and Adam Korczynski, Security Engineering & Security Automation, Ada Logics. Ada Logics Ltd. recently performed a holistic security audit of CRI-O….
Flux Security Audit has concluded
Project post cross-posted from the Flux blog. As Flux is an Incubation project within the Cloud Native Computing Foundation, we were graciously granted a sponsored audit. The primary aim was to assess Flux’s fundamental security posture…
Open sourcing the SPIFFE/SPIRE security audit
A few years back, CNCF began performing and open sourcing third-party security audits for projects to improve the overall security of our ecosystem. These audits have helped identify security issues, from general weaknesses to critical vulnerabilities,…
This week, a third-party security audit was published on etcd, the open source distributed key-value store that plays a crucial role in scaling Kubernetes in the cloud. For etcd, this audit was important in multiple ways….
Open sourcing the etcd Security Audit
Guest post from Sahdev Zala and Xiang Li, maintainers for etcd. We are proud to announce that the etcd team has successfully completed a 3rd party security audit for the etcd latest major release 3.4. The…
Kubernetes security controls and enforcement: applying lessons from the K8s security audit
The recent Kubernetes security audit and the issues it identified got lots of publicity. But did you know that the audit reports also include many recommendations you can apply today to improve your security posture? On…
Last year, the Cloud Native Computing Foundation (CNCF) initiated a process of conducting third-party security audits for its own projects. The aim of these security audits was to improve the overall security of the CNCF ecosystem.
EnterpriseAI: "Kubernetes gets a security audit"
An open source group is expanding its third-party security audits to include the popular but vulnerable Kubernetes cluster orchestrator.
ZDNet: "Kubernetes reports the results of its open-source security audit"
All programs need security audits, but the Cloud Native Computing Foundation (CNCF) took a new open-source approach and revealed all to its users.