Inside the CNCF Project Security Reviews

May 20, 2019 · Barcelona, Spain

THIS IS A FREE EVENT - PLEASE RSVP USING THIS LINK Last year the CNCF started funding security reviews for its projects. This talk examines the review process from the inside and looks at the outcomes and lessons from the reviews that have been performed so far. What vulnerabilities were found? What types of problem are common across projects? How should you prepare for a review?</p>The talk will cover how to make the most of a security review, what to expect from it, what to bring to the review process, and how to maximise the benefits of a review. It will be illustrated with details of the review process for the Notary and TUF audits from the inside as I was involved in this process, and with a detailed analysis of the public reports, including Prometheus, CoreDNS, Envoy, Containerd and more. The talk will look at the issues found in the different projects, the areas in which issues were not found, and common themes.</p>



Justin Cormack - Docker (Security Engineer)
Justin Cormack is a senior security engineer at Docker, a maintainer of the CNCF Notary project, a contributor to several other CNCF and OCI projects, and a maintainer of the Docker engine and LinuxKit. He works on application security and container isolation, among other areas. He has spoken at Kubecon in Berlin, Austin, Copenhagen and Seattle, and at other conferences such as Oscon, CNCF Meetups and other events, talking about a variety of CNCF projects such as Containerd, TUF, Notary, and Open Policy Agent. He also worked on adding Kubernetes support to the Docker Desktop projects.

Hosted By
Dimitris Kapanidis, Community Leader

Jonas Julve, Community Leader





Event organizers
  • Docker Barcelona

    Learn, Collaborate &amp;amp; Dockerize! Meet other developers and ops engineers in your community that are using and learning about Docker. Docker is an open platform that helps you build, ship and run applications anytime and anywhere. Developers use Docker to modify code and to streamline application development, while operations gain support to quickly and flexibly respond to their changing needs. Docker ensures agility, portability and control for all your distributed apps.  Docker is also ...

    Recent Events

Are you organizing Inside the CNCF Project Security Reviews?

Claim the event and start manage its content.

I am the organizer

based on 0 reviews

Featured Events