In-person + Virtual
18-21 April

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Friday, April 21 • 16:00 - 16:35
A Look Under the Hood of CNCF Security Audits - Adam Korczynski & David Korczynski, Ada Logics


To graduate, a CNCF project must complete a third party security audit and publish the results publicly. Because of the nature of the work, much of it is done behind closed doors. In this talk, Adam and David present their experiences with auditing CNCF projects, how a security audit progresses, what the projects should expect, and what the outcomes have been so far. We also examine which vulnerabilities have been found, and what is required from the CNCF projects to complete a third party security audit. Over the last year and a half, Ada Logics has carried out security audits of six CNCF projects and worked with the projects on mitigating found issues and publishing the results. The projects the team audited were: Flux, CRI-O, KubeEdge, Argo, Istio and Cilium. The talk will also go over the audit reports and how they are helpful to contributors, adopters and other security researchers looking to contribute security work. The talk will cover both high-level problems and results as well as a technical look into the security issues that CNCF projects face.

David Korczynski

Security Researcher, Ada Logics
David Korczynski is a security researcher at Ada Logics and his focus is on building tools that automate software security analysis. In the open source community David is a top contributor to OSS-Fuzz and has worked on fuzzing several CNCF projects, e.g. Fluent Bit, Envoy and Linkerd2-proxy...
Adam Korczynski

Security Engineer, Ada Logics
Adam is a security engineer at Ada Logics where his work mainly focuses on security automation. He is heavily involved in open source projects and is a top contributor to OSS-Fuzz.

Friday April 21, 2023 16:00 - 16:35 CEST
Auditorium + Balcony | Ground + First Floor | Congress Centre
  Security + Identity