Security Nutrition Labels for Cloud Native Projects - John Kinsella, Accurics
Abstract
“Nutrition labels” are becoming popular in technology: Apple and Google use them to summarize app privacy practices, and researchers are evaluating their value for communicating the privacy and security posture of IoT devices. In the open-source and cloud native ecosystems, we as developers frequently ship software without clearly communicating what it does from a security point of view, leaving users to reach their own conclusions about the risks a project may introduce. In this talk, John describes a framework an open-source project can use to define and publish its own security nutrition label, so that users can quickly understand the security implications of depending on or running that project.