KCD New York 2025 is calling on security experts to share their insights on securing cloud-native technologies!
CFP Closes: Friday, Feb 28, 2025, at 11:59 PM EST
Submit now: https://sessionize.com/kcd-new-york-2025/
Three recently identified #CVEs in #ArgoCD, one of them designated high severity, now have fixes following a lengthy disclosure process and disagreements about their real-world risk. #gitops #cybersecurity #cloudnativesecurity
https://www.techtarget.com/searchitoperations/news/366574332/GitOps-users-warned-to-patch-3-new-Argo-CD-CVEs
"They can request SBOMs til they're blue in the face, but there’s no framework in place for enforcement."
- @webjedi in my writeup of #SBOM-a-rama:
https://www.techtarget.com/searchitoperations/news/366542018/CISA-SBOM-standards-efforts-stymied-by-confusion-inertia
#softwaresupplychain #cybersecurity @CISAgov
#CISA #NTIA #NIST #FDA #softwaresupplychainsecurity #supplychainsecurity #softwarebillofmaterials #cloud #cloudsecurity #security #infrastructure #cloudnative #cloudnativesecurity #sbomarama
Today's news: @hashicorp@birdsite.wilde.cloud #Vault 's appeal to a broader field of users gets a boost from a new entry-level #SaaS service, while a new #Boundary Enterprise targets the high end of the market. #accesscontrols #remoteaccess #cloudsecurity #secretsmanagement #kubernetes #cloudnativesecurity https://www.techtarget.com/searchitoperations/news/366541914/HashiCorp-Vault-trims-SaaS-Boundary-hooks-up-Enterprise
@sysdig@birdsite.wilde.cloud is staking its claim in #CNAPP based on that runtime #threatdetection and response, which was a selling point for @bigcommerce last year. #cloudnative #cybersecurity #cloudnativesecurity #cloudsecurity #appsec #applicationsecurity #devsecops #runtime #shiftleft #shieldright #falco #threatdetection https://www.techtarget.com/searchitoperations/news/366539616/Sysdig-CNAPP-runtime-threat-detection-wins-over-BigCommerce
When To Go Cloud-Native and When To Buy a Security Vendor Solution - https://www.datacenterknowledge.com/security/when-go-cloud-native-and-when-buy-security-vendor-solution
Credit: Klaus Haller
As KubeCon/CloudNativeCon Europe wraps up, a few quick thoughts:
- the topic of security within cloud-native was EVERYWHERE. I jokingly say KubeCon/CNCon is a security conference in disguise. This speaks to the growing importance of trust and reliability for those looking to deploy cloud-native tech stacks in production (which many many are).
- to me, there’s a nuance on how cloud-native community views security - the interest is more in building/using security functionality within the stack rather than after-the-fact security tooling.
- topics of interest? Growing role of platform engineering, eBPF-based monitoring/security, supply chain security (including SBOM), and more.
Deeper report for Omdia subscribers in the works. Stay tuned.
Next-up: BSidesSF and RSA Conference ! Looking forward to seeing friends old and new next week.
New from me today: Sidecarless #eBPF #servicemesh fuels ongoing debate at #KubeConEU
https://www.techtarget.com/searchitoperations/news/365535362/Sidecarless-eBPF-service-mesh-sparks-debate
#Isovalent #Cilium #solo.io Buoyant #CNCF #cloudnative #cybersecurity #Kubernetes #cloudnativesecurity
An #opensource consortium that includes #Google plans to release a deployable beta of the #GUAC project this month, a possible milestone for #cloudnative #SBOM. https://www.techtarget.com/searchitoperations/news/365532041/SBOM-graph-database-aims-to-be-cloud-security-secret-sauce
ETA: As my colleague @robwright astutely noted on the birdsite, this has some potentially far-reaching implications given the #WhiteHouse #NationalCybersecurityStrategy announcement...
Organizations are increasingly transitioning to the cloud, but security is often overlooked in the process. CloudNativeSecurityCon North America 2023 will be held on February 1-2 in Seattle, Washington and feature discussions on using eBPF to improve cloud native security. https://www.cncf.io/blog/2023/01/17/cloudnativesecuritycon-2023-3-key-areas-to-watch/ #CloudNativeSecurity #CloudSecurity #eBPF
Ove found most of the people i already followed in #InfoSecTwitter here,
I would appreciate pointers to find back #CloudNativeSecurity and #OpenSourceCommunity here ?
