Multi-Tier Security in WasmCloud: From Developer Constraints to Platform Extensibility - Brooks Townsend, Cosmonic
Abstract
In 2024, 96% of codebases contain open source, and 74% of these have high-risk vulnerabilities — a 54% increase from 2023. As open source adoption grows and the cloud native landscape evolves, robust security practices are critical. This session explores wasmCloud, a CNCF platform for distributed WebAssembly applications, focusing on achieving a secure-by-default environment. wasmCloud’s multi-tier security model addresses the needs of both developers and platform engineers. Developers work in a deny-by-default mode, requiring explicit declaration of all application capabilities. Platform engineers grant these capabilities in a fine-grained manner and extend security through pluggable services. Grounded in real-world experience and practical demos, you’ll leave this talk with the knowledge to configure and extend security using pluggable services, enabling you to leverage WebAssembly to secure your cloud native applications.