Kubernetes Third Party Audit Review - Iain Smart, AmberWolf; Amir Montazery, Open Source Technology Improvement Fund; Rey Lejano, Red Hat; Tabitha Sable, Datadog; Pietro Tirenna, Shielder

Abstract

Kubernetes recently underwent a third party audit, organised by SIG-Security-Audit in collaboration with OSTIF, and performed by Shielder. This session will discuss the audit process, from planning and logistics to delivery, and the experience of an Open Source project working with a vendor. We’ll discuss some historical context around previous audits and the ongoing security improvements made as a result, before diving into the findings from the 2025 audit. This 2025 audit marked a strategic evolution, moving beyond the core-focused audits of 2019 and 2022 to scrutinize the wider ecosystem of non-core components such as Cluster API, Konnectivity, and Image Builder. We will explore impactful themes from the findings, such as supply chain risks, insecure design patterns, and unsafe defaults, providing actionable lessons for developers and security practitioners in the cloud-native community.