How the Argo Project Transitioned From Security Aware To Security First - Henrik Blixt & Michael Crenshaw, Intuit

less than 1 minute read

Abstract

When the Argo project applied for graduation, we believed we had a good handle on security. After all, we hadn’t had any CVEs in a while, and we had 100s of companies using it in production. So everything must be great, right? This is the story of an incubating CNCF project learning: what we didn’t know and how we dove headfirst into a mission to put security first. Attendees will learn about the project processes we put in place for reported vulnerabilities, how to work with external security companies, and the help we received from the CNCF. We’ll also dig into the engineering best practices we implemented as well as take a look at some concrete implementations around SBOMs and Fuzzing. The information in this talk will be especially beneficial to anyone from incubating or sandbox projects that are setting out to improve their security posture, but the learnings, stories and recommendations presented will be equally applicable to any software project or product.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

How the Argo Project Transitioned From Security Aware To Security First - Henrik Blixt & Michael Crenshaw, Intuit

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google