Securing the Kubernetes Supply Chain

  • Published: Jul 3, 2024
  • Is it possible to break Kubernetes security with social engineering and a .zip domain? We spoke to John McBride, a senior software engineer and a maintainer of spf13/cobra within the Kubernetes and CNCF ecosystem. John spoke about the different kinds of threats that Kubernetes clusters face, from container escapes to misconfigurations, emphasizing the increased complexity of threat models in the Kubernetes environment. The highlight of the episode is McBride's account of how he used social engineering and $12 to purchase the "kubernetes.zip" domain, crafting a proof of concept that exposes a critical vulnerability in the Kubernetes software supply chain.
    Questions asked:
    00:00 Introduction
    00:33 Types of Threats for Kubernetes Cluster?
    01:40 kubernetes.zip
    03:59 Detecting threats in Kubernetes Supply Chain
    05:47 Kubernetes Software Supply Chain
    06:54 Security risk with Open Source Projects
    08:43 Building Trust in Open Source
    10:43 Managed Kubernetes Security
