2019-08-06 | Captain, we've detected a disturbance in space-time. It's coming from Earth. Someone audited the Kubernetes source • The Register
'In an email to The Register, Chris Aniszczyk, CTO and COO of CNCF, expressed satisfaction with the audit process. '
'Underscoring these findings, Kubernetes 1.13.9, 1.14.5, and 1.15.2 were released on Monday to fix two security issues in the software, CVE-2019-11247 and CVE-2019-11249. '
'"I don't know of any other open source organization that has shared and open sourced the whole process around a security audit and the results. '
'The CNCF engaged two security firms, Trail of Bits and Atredis Partners, to poke around Kubernetes code over the course of four months. '
'"We view it positively that the whole process of doing a security audit was handled transparently by the members of the Kubernetes Security Audit WG, from selecting a vendor to working with the upstream project," he said. '
1 comment
0 u/derram 07 Aug 2019 17:00
https://archive.ph/GEQec
This has been an automated message.