
The State of Cloud Native Security 2023 | Ep 94

In 2023, the Cloud-Native Security and Usage Report declared that 87% of container images have high or critical vulnerabilities. The reality is that there are too many vulnerabilities to fix, and teams struggle with how to prioritize them. In fact, 85% of critical and high vulnerabilities have a fix available but are not in use at runtime, where they would be exploitable. Let’s explore the dynamic landscape of containerized applications and its uninvited challenges, examine the year 2023, and find some interesting trends that may help you as you work to develop best practices and essential security considerations for ensuring the integrity and authenticity of your containers and your cloud-native environments.

▬▬▬▬▬▬ 👋 About the Guest 👋 ▬▬▬▬ ▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬
Héctor Fernández ► https://twitter.com/adrianmouat

▬▬▬▬▬▬ 📺 Video – Learning resources 📺 ▬▬▬▬ ▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬
► Container Images for the Cloud Native Era – @cloudnativefm https://www.youtube.com/watch?v=SmUFKNh0YLI&t=1206s

► Open VEX Supercharges SBOMs For A More Secure Software Supply Chain – @cloudnativefm

► Artifact signing with ephemeral and verifiable keys: Sigstore and OpenPubkey – @cloudnativefm https://www.youtube.com/watch?v=5u6iReDVbBI&t=21s

▬▬▬▬▬▬ ✍️ Articles ✍️ ▬▬▬▬ ▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬
► Reducing Trust in Automated Certificate Authorities via Proofs-of-Authentication – https://arxiv.org/pdf/2307.08201.pdf
► OpenPubkey and Sigstore – https://blog.sigstore.dev/openpubkey-and-sigstore/
► Sysdig 2023 Cloud-Native Security and Usage Report – https://sysdig.com/blog/2023-cloud-native-security-usage-report/
► The State of Cloud Native Security Report 2023 – https://start.paloaltonetworks.com/rs/531-OCS-018/images/3.2%20FINAL%20The%20State%20of%20Cloud%20Native%20Security%20Report%202023_3-2.pdf
► The State of Cloud-Native Security – https://cloudnativenow.com/features/the-state-of-cloud-native-security/
► Need to Sign Your Code and Haven’t a Clue? Sigstore Can Help – https://thenewstack.io/need-to-sign-your-code-and-havent-a-clue-sigstore-can-help/
► How to Sign a Container with Cosign – https://edu.chainguard.dev/open-source/sigstore/cosign/how-to-sign-a-container-with-cosign/

▬▬▬▬▬▬ 🪪 Sigstore 🪪 ▬▬▬▬ ▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬
► Overview – https://docs.sigstore.dev/
► (X – Twitter) – https://twitter.com/projectsigstore
► OpenSSF – Sigstore: Simplifying Code Signing for Open Source Ecosystems – https://openssf.org/blog/2023/11/21/sigstore-simplifying-code-signing-for-open-source-ecosystems/

▬▬▬▬▬▬ 🔐 Openpubkey 🔐 ▬▬▬▬ ▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬ ▬▬▬▬▬
► OpenPubkey – https://www.bastionzero.com/openpubkey
► Linux Foundation, BastionZero, and Docker Announce the Launch of the OpenPubkey Project – https://www.linuxfoundation.org/press/announcing-openpubkey-project
► Signing Docker Official Images Using OpenPubkey – https://www.docker.com/blog/signing-docker-official-images-using-openpubkey/

▬▬▬▬▬▬ 💼 About Chainguard 💼 ▬▬▬▬ ▬▬▬ ▬▬▬▬▬
The first developer platform built for software supply chain security
🌍 https://www.chainguard.dev/
🧑‍💻 https://www.chainguard.dev/unchained
🐳 https://github.com/chainguard-images/
🐦 https://twitter.com/chainguard_dev

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
➡ https://twitter.com/cloudnativeboy
➡ https://www.linkedin.com/in/saim-safder/

#kubernetes #security

source by Cloud Native Podcast