From YouTube: Security Nutrition Labels for Cloud Native Projects - John Kinsella, Accurics



“Nutrition labels” are becoming popular in technology; Apple and Google are using them for privacy, and others are researching their value for communicating the state of privacy and security in IoT devices. In the open-source and cloud native ecosystems, we as developers frequently create software without clearly communicating what it does from a security point of view, leaving users to reach their own conclusions about what risks a project may introduce. In this talk, John describes a framework for how an open-source project could define and publish its security nutrition label, allowing users to quickly understand the security implications of using or running that software project.