Security

Kubernetes Security Response Committee (SRC)

Details:

• Main Page: https://github.com/kubernetes/committee-security-response
• Process: https://github.com/kubernetes/committee-security-response/blob/main/security-release-process.md
• CVE Feed: https://kubernetes.io/docs/reference/issues-security/official-cve-feed/

Participants:

• Sri Saran Balaji (@SaranBalaji90) srajakum@amazon.com
• Micah Hausler (@micahhausler) mhausler@amazon.com

Containerd Security Process

Details:

• https://github.com/containerd/project/blob/main/SECURITY.md

Participants:

• Phil Estes (@estesp) estesp@amazon.com
• Davanum Srinivas (@dims) davanum@amazon.com

runc Security Process

Details:

• https://github.com/opencontainers/.github/blob/master/SECURITY.md

Participants:

• Phil Estes (@estesp) estesp@amazon.com

CNCF TAG Security (STAG)

• Main Page : https://github.com/cncf/tag-security
• Publications : https://github.com/cncf/tag-security/blob/main/PUBLICATIONS.md
• White Paper : https://github.com/cncf/tag-security/blob/efb183dc4f19a1bf82f967586c9dfcb556d87534/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf

K8s SIG Security

• Main Page : https://github.com/kubernetes/sig-security
• Fuzzing : https://github.com/kubernetes/sig-security/blob/main/sig-security-external-audit/adalogics-fuzzing-2022/kubernetes-fuzzing-report.pdf
• Audit : https://github.com/kubernetes/sig-security/blob/main/sig-security-external-audit/security-audit-2021-2022/findings/Kubernetes v1.24 Final Report.pdf
• Snyk : https://k8s-testgrid.appspot.com/sig-security-snyk-scan#ci-kubernetes-snyk-master

Misc

• ECR / ORAS - Jessie Butler (butlerjl), Terry Howe (tlhowe)
• https://www.cisecurity.org/cis-benchmarks
• FIPS / BoringSSL
• Bottlerocket secure by default (via EKS as well as vSphere)
  • Ben Cressey ( bcressey on phonetool)
• Firecracker