Forget Everything You Know About Image Vulnerability and Prioritization - Ben Hirschberg, ARMO

less than 1 minute read

Abstract

In this talk, we will present research results that highlight the vulnerabilities introduced into a Kubernetes environment when using common public images (e.g. Nginx, Elasticsearch, Kafka, etc). These vulnerabilities are identified using image scanners. However, the resulting long to-do list can overwhelm a team, leaving CVEs that matter unattended for long periods of time. You will come away from this session with new and better practices for prioritizing vulnerability patching. The key being consideration of the actual impact of the identified vulnerabilities on your security posture. The solution leverages eBPF technology to identify and highlight vulnerabilities in running artifacts and libraries. The resulting filtered Software Bill of Materials (SBOM) enables users to automatically detect vulnerabilities whose patching will have an immediate and significant impact on the security posture.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Forget Everything You Know About Image Vulnerability and Prioritization - Ben Hirschberg, ARMO

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google