Improving CNCF security posture with independent security audits
When Policy meets Execution Community post by Amir Montazery, Managing Director, Open Source Technology Improvement Fund In this blog post, we present an overview of independent audits conducted at the end of 2021 and first half of 2022….
Improving Security by Fuzzing the CNCF landscape
By Chris Aniszczyk (CNCF), Adam Korczynski (Ada Logics), David Korczynski (Ada Logics) In this blog post we present an overview of the state of fuzzing across CNCF projects. This is based on efforts and work that CNCF has…
How to run untrusted containers in Kubernetes
Guest post originally published on the SIGHUP blog by Alessandro Lo Manto The IT world is adopting container-based infrastructures more and more every day. However, the advantages, disadvantages and even the limitations are not clear to everyone. Considering…
My first in-person KubeCon + CloudNativeCon
Community post by Rishit Dagli This year I got a chance to attend my first in-person KubeCon + CloudNativeCon in Valencia, Spain under the generous Dan Kohn scholarship by CNCF and Linux Foundation. Throwback to when I was…
OSTIF’s audit of CRI-O is complete – high severity issues found and fixed
Community post originally published on the OSTIF blog Open Source Technology Improvement Fund is thrilled to report the results of a security audit of CRI-O. CRI-O is an open source software (OSS) project that is an implementation of the Kubernetes Container Runtime Interface. It…
Ada Logics: CRI-O holistic security audit engagement
Community post originally on the Ada Logics blog by David Korczynski, Security Research & Security Engineering and Adam Korczynski, Security Engineering & Security Automation, Ada Logics Ada Logics Ltd. recently performed a holistic security audit of CRI-O. CRI-O is…
ZDNet: “Kubernetes 1.24 Stargazer: An exceptional release with two major changes”
Kubernetes, everyone’s favorite container orchestrator, in its latest release, Kubernetes 1.24 Stargazer, has made two major changes: The developers dropped support for the Docker Engine container runtime and added supply chain security via Sigstore. First, don’t start hyperventilating…
Container Journal: “Why Cloud-Native Companies Should Support Open Source”
Open source software (OSS) makes up the bedrock of our digital lives. And naturally, OSS is the foundation for most modern cloud-native infrastructure. In fact, a recent report from CNCF found a rise in open source projects to…
Cloud Native Computing Foundation Unveils Schedule for KubeCon + CloudNativeCon Europe 2022
Back in-person in Valencia, Spain in May, technology enthusiasts will meet to share and educate around cloud native innovation SAN FRANCISCO, Calif. – March 9, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for…
68 New Members Join the Cloud Native Computing Foundation
Steady growth sees CNCF hit over 775 members, joining together to enable innovation across industries through open source cloud native technology adoption SAN FRANCISCO, Calif. – March 8, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds…