# Security

---

## Kubernetes Security Response Committee (SRC)

#### Details:

* Main Page: https://github.com/kubernetes/committee-security-response
* Process: https://github.com/kubernetes/committee-security-response/blob/main/security-release-process.md
* CVE Feed: https://kubernetes.io/docs/reference/issues-security/official-cve-feed/

#### Participants:

* Sri Saran Balaji (@SaranBalaji90) <srajakum@amazon.com>
* Micah Hausler (@micahhausler) <mhausler@amazon.com>

## Containerd Security Process

#### Details:

* https://github.com/containerd/project/blob/main/SECURITY.md

#### Participants:

* Phil Estes (@estesp) <estesp@amazon.com>
* Davanum Srinivas (@dims) <davanum@amazon.com>

## runc Security Process

#### Details:

* https://github.com/opencontainers/.github/blob/master/SECURITY.md

#### Participants:

* Phil Estes (@estesp) <estesp@amazon.com>

## CNCF TAG Security (STAG)

* Main Page: https://github.com/cncf/tag-security
* Publications: https://github.com/cncf/tag-security/blob/main/PUBLICATIONS.md
* White Paper: https://github.com/cncf/tag-security/blob/efb183dc4f19a1bf82f967586c9dfcb556d87534/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf

## K8s SIG Security

* Main Page: https://github.com/kubernetes/sig-security
* Fuzzing: https://github.com/kubernetes/sig-security/blob/main/sig-security-external-audit/adalogics-fuzzing-2022/kubernetes-fuzzing-report.pdf
* Audit: https://github.com/kubernetes/sig-security/blob/main/sig-security-external-audit/security-audit-2021-2022/findings/Kubernetes%20v1.24%20Final%20Report.pdf
* Snyk: https://k8s-testgrid.appspot.com/sig-security-snyk-scan#ci-kubernetes-snyk-master

## Misc

* ECR / ORAS - Jessie Butler (butlerjl), Terry Howe (tlhowe)
* https://www.cisecurity.org/cis-benchmarks
* FIPS / BoringSSL
* Bottlerocket secure by default (via EKS as well as vSphere)
* Ben Cressey (bcressey on phonetool)
* Firecracker