Cloud-Native Security
5 Laws of Cloud-Native Authorization
In a microservices world, each service needs to verify that a subject (user or machine) has permission to perform an operation on a resource that the service manages. But in an agile ...
Vulnerability Management: Context From Code to Cloud
Almost all modern cloud-native applications are developed using open source components. And yet, security is not always the top priority for open source developers. While many vulnerabilities can be accidental (e.g., coding ...
Understanding Role-Based Access Control in Kubernetes
“I’m sorry Dave, I’m afraid I can’t do that.” – HAL 9000, 2001: A Space Odyssey This iconic quote from 2001: A Space Odyssey is a great place to start if you ...
Spectro Cloud Strengthens Kubernetes Security at the Network Edge
Spectro Cloud has updated its Palette Edge platform with the option to include a distribution of Kubernetes optimized for the network edge. The latest version also adds tamperproof security capabilities for immutable ...
Container Images: The Next Software Supply Chain Concern?
Containers not only provide a mechanism for packaging code in deployable and manageable units, but containers are also a downloadable resource that can speed up infrastructure and app configurations, rapidly creating development ...
Veracode Adds Container Support to Security Tool for Developers
Veracode is launching an early access program through which it is adding support for containers to its Continuous Software Security Platform. Brian Roche, chief product officer for Veracode, says this offering will ...
Sysdig Report Reveals True Cost of Container Security Breaches
A Sysdig report published today finds that for every dollar cybercriminals generate through a cryptomining attack against a cloud container environment, victims end up paying a $53 bill. As a result, an ...
Docker, Inc. to Integrate Free SBOM Generation Tool
Docker, Inc. plans to embed the ability to dynamically generate a software bill of materials (SBOM) using the Docker Build command that developers use to build Docker images from a Dockerfile. Company ...
DevOps World 2022: Cloud-Native Will Force CI/CD Issue
It may have taken longer than anyone initially expected, but the cloud-native era for building and deploying applications has finally arrived. Nearly every major application development initiative being launched today is based ...
NSA Security Best Practices for Kubernetes
In this series, I’ve outlined why every organization should care about the NSA’s Kubernetes Hardening Guidelines and examined different areas of the guidelines. What you may suspect is that most of the ...
