►
From YouTube: CNCF SIG Security 2020-11-11
Description
CNCF SIG Security 2020-11-11
A
B
C
C
By
the
way
I
wanted
to
to
ask
you:
what
are
you
using
for
authorization
for
for
spiffy
city
ids?
Is
there
any
like.
B
They're
they're
currently
like
different
systems
and
rebuilding
anyone
that
will
use
this
because
sp,
okay
only
but
yeah.
I
have
to
build
everything:
okay,.
B
C
Let's
post
meeting
notes
in
the
chat.
C
Yeah
and
we'll
try
and
keep
this
this
session
brief
since
justin
has.
C
Let
us
know
that
it's
veterans
day
and
I
think,
remembrance
day
in
europe,
so
I
think
we
have
a
pretty
short
agenda
so
so
we
can
let
everyone
get
back
to
to
the
holiday
yeah.
C
It
was
just
kind
of
weird
timing
because
we
didn't
have
last
week's
one
because
of
election
election
day
and
then
we
have
to
pronounce
thanksgiving.
So
I
think
we
wanted
to
kind
of
just
sync
up
really
quickly
before
everyone
forgets
about
us
and
okay.
I
think
the
main
agenda
item
we
have
is
from
renee
today.
So
let's
wait
a
couple.
B
I'll
ask
that
question
like
well:
do
we
do?
We
need
to
wait
I'll,
go
for
it
and
see
yeah
anybody
looked
into
that
google
security
score
open
source
project.
I
found
it's
pretty
interesting
idea.
B
B
B
Basically,
they
explaining
what's
what
checks
are
and
what
you
can
do
and
how
you
can
enable
the
things
like
part
of
this,
like
a
files
in,
for
example,
using
us
for
us
and
some
things
like
assass,
for
example,
using
something
that
you
can
also
enable
for
as
a
part
of
git,
and
I
think
it's
free
for
open
source
projects
which
all
they
seems
to
be
good
practices.
I
think
we
should
encourage
doing
something
like
this.
C
C
Okay,
yeah,
I
posted
the
link
for
that
in
the
chat
for
those
that
are
interested
and
then
we
have,
we
have
a
message
in
the
the
site
channel.
So
anyone
interested
can
comment
at
that
as
well
cool.
I
think
we
have
vinaya.
E
C
Yeah,
I
I
I
think
we're
just
gonna
do
quick
round
of
check-ins.
It
doesn't
seem
like
that's
that
much
update
on
today.
C
I
I
think
we're
gonna
do
a
couple
new
faces
around,
so
maybe
let's
kind
of
go
through
that
really
quickly
and
then
I
think
vinay
you
you
own
most
of
the
well
all
of
the
agenda
items
today.
So
I,
after
we
did
the
check-ins
we'll
pass
it
over
to
you,
that's
good!
C
Okay,
so
I
see
a
couple
new
faces
on
your
names
around
here.
Do
you
want
to
do
an
introduction
if
you're
new,
I
think,
altezz
and
eric
and
modo.
F
I'll
jump
in
real,
quick,
hi
everybody,
I'm
altas
here,
calling
in
from
toronto
in
canada.
I
work
for
a
company
called
security
compass
and
we're
all
about
sort
of
security
and
trying
to
help
devops
teams
move
quickly
and
making
sure
that
security
doesn't
slow
them
down.
So,
looking
forward
to
working
with
you
guys
on
this.
F
C
All
right
eric
malo,
do
you
want
to
do
a
quick
introduction.
G
G
H
This
is
eric,
so
yeah.
I
believe
I
joined
these
meetings
a
while
back,
but
yeah.
I
just
wanted
to
get
back
involved.
Then
working
at
a
company
called
systick,
so
involved
with
kubernetes
security
and
yeah
just
wanted
to
get
a
broader
perspective
as
well.
C
Awesome
welcome
back
eric
all
right,
cool
thanks
and
I've.
I
posted
the
new
members
page.
So
if
that's
something
that
could
be
helpful,
you
know
also,
please
add
yourself
as
well
to
remember
this
for
those
that
already
have
not
done
that
awesome.
So
vinay,
I
think
the
the
flaw
is
yours.
E
Hey
thanks
thanks
brandon
hello.
Everyone,
as
you
all
know
that
we've
been
hard
at
work
at
this
security
white
paper
and
I
think
the
light
is
at
the
end
of
the
tunnel,
and
I
think
it's
it's.
I
think
for
all
practical
purposes.
It's
done
so
I
I
you
know
I
was
throwing
around
an
idea
which
is
how
about
if
some
of
the
authors
of
the
paper
did
a
webinar,
and
it's
almost
like.
E
I
know
it's
not
like
a
fireside
chat,
but
it's
almost
like
a
roundtable
kind
of
a
format
where
we
highlight
the
various
salient
aspects
of
it
and
to
truly
provide
some
kind
of
a
perspective
from
thought
leaders
and
the
industry
from
their
learnings
as
it
applies
to
those
various
aspects
and
dimensions
of
security,
as
it
pertains
to
cloud
native
workloads
that
we
have
outlined
in
the
paper,
and
I
think
some
of
those
are
very,
very
beneficial.
As
we
all
know,
we've
seen
it
done
at
kubecon
and
other
other
events.
E
So
I
thought
how
well
what
if
we
floated
the
idea
to
actually
pull
together
such
such
an
event,
to
really
amplify
the
message
of
the
cloud
native
security
paper
across
across
the
community
and
the
industry,
and
so
I
wanted
to
bring
that
up
and-
and
I
know
as
we
do
always-
I've
cut
a
ticket
for
it
and
it's
there
in
the
document
today.
But
if
you'd
like.
Let
me
just
quickly
grab
a
link
to
that
and
then
I'll
post
it
here
in
the
chat.
E
So
if
you're
interested,
please
feel
free
to
call
it
out
in
the
in
the
in
the
ticket
and
we'll
see
how
we
can
move
that
forward.
But
you
know
the
the
whole
intention
is
to
you
know,
bring
some
of
the
authors
together
to
really
really
talk
about
some
of
the
salient
aspects
as
we
talk
about.
In
my
mind,
the
way
I've
started
to
think
about
this
is
two
dimensions.
E
One
is
the
environment
perspective
where
we
talk
about
compute
access,
storage,
runtime
and
then
the
application
life
cycle
where
we
talked
about
you
know,
develop,
distribute,
deploy
and
to
really
really
just
reiterate
that
message
as
we
move
this
forward.
So
I
don't
know
brandon
if
we
should
have
the
discussion
here,
but
the
ticket
is
cut,
so
we
should,
if
you're
interested
to
talk
about
it.
Definitely
please
call
call
yourself
out
on
the
ticket,
so
so
that
is
one
it's
a
very,
very
short
request:
kind
of
update.
C
I
think
I
think
that's
cool
and
it's
definitely
gonna
help
socialize
to
the
white
paper
a
lot
just
just
kind
of
just
when
you
talked
about.
I
was
thinking
that
maybe
we
could
see
whether
we
can
try
and
have
a.
I
I'm
not
sure
what
platform
that
you're
thinking
about,
but
I
was
thinking.
Maybe
if
you
could
get
a
thought
on
the
cncf
webinars.
I
think
that
would
be
cool.
E
Yeah,
no
actually,
oh,
I
that
that's
exactly
right,
brandon
I
was
thinking.
Maybe
I
don't
know
what,
if
seek,
security
has
like
a
calendar
for
webinars,
but
how
and
the
next
steps
was
to
determine
what
the
logistics
would
be
to
figure
that.
E
So
that
was
one
of
the
first
points
that
I
wanted
to
talk
about,
and
the
second
one
that
I
also
wanted
to
talk
about
is
the
idea
came
about
where
I
think
pushkar.
E
Had
you
know,
kicked
off
an
effort
to
actually
have
a
kubernetes
perspective
right,
a
kubernetes
perspective
on
the
cloud
native
security
white
paper
that
we
will
that
I
think
it's
already
underway.
I
think
it's
already
written
and
going
to
be
published.
So
what?
But?
What?
Once
again,
I
thought
about.
You
know
one
of
the
themes.
As
you
know,
it's
this
paper
is
37
pages
long.
E
I
think
if
it
hasn't
been
shortened
since
and
and
and
that's
a
lot
right
so
I
wanted-
I
was
thinking
about
kind
of,
like
mini
blogs
or
micro
blogs-
that
we
could
actually
write,
go
a
little
bit
deeper
and
into
each
of
those
dimensions
once
again
and
because,
when
you
think
about
how
the
industry
and
practitioners
apply
right
at
the
end
of
the
day,
a
lot
of
this
great
stuff
is
coming
from
the
community.
E
But
we
want
practitioners
to
actually
take
a
lot
of
these
concepts
and
actually
apply
it
in
their
different
environments
and
for
their
use
cases.
So
to
take.
I
don't
know
how
we
can
slice
and
dice
it.
Maybe
two
three
four
blogs:
something
like
that,
but
go
a
little
bit
deeper
into
the
best
practices
and
to
really
help
move
the
needle
and
help
people
who
are
either
new
or
practitioners
who
are
struggling
with
different
kind
of
concepts
to
get
a
a
slightly
deeper
perspective,
to
truly
take
a
lot
of
these
concepts
and
operations.
E
So
so
that
was
the
motivation
and
thought
around.
The
second
mini
slash,
microblog
series
and
fundamentally,
as
you
can
see,
I
think
the
general
motivation
is.
I
I
think
the
all
of
us
at
security
have
done
such
a
tremendous
job.
This
is
truly
a
phenomenal
product
and
to
see
once
again
how
we
can
help
evangelize
and
amplify
that
message
across
the
community.
C
So
I
hope
I
wish
sarah
was
here
for
this,
so
a
while
back.
You
know
there
was
kind
of
this
idea
of
having
a
security
website
where
you
could
kind
of
get
the
resources
together
and
I'm
not
sure
whether
you're
thinking
about
it.
In
terms
of
like
a
blog
on
other
platform
or
whether
you
know
six
security
itself
can
have.
E
Yeah,
so
I
think
jj
had
mentioned
that
there
was
some
talk
around.
That,
I
believe,
is
that
right.
C
C
It
was,
I
think,
and
then
a
kind
of
the
people
that
were
working
on
it
kind
of
got
busy
like
a
lot
of
other
things.
So
I
think
there
was
like
some
kind
of
groundwork.
We
started
talking
to
the
cnncf,
we
got
some
hosting.
Actually
they
do
the
whole
thing
another
five.
C
C
Shoot
an
email
or
may
just
comment
on
this
thread
and
then
see
whether
we
can
get
the
credentials
yeah
and
maybe
you
know,
cbd-
can
kind
of
revive
revive
this.
E
C
But
chase
yeah.
I
think
that
the
the
idea
is
cncf
has
given
us
a
domain
identified
domain
for
hosting
things,
and
then
we
can
put
it
on
that.
E
Sure,
sorry,
I
it's
a
really
bizarre
thing
happened,
zoom
just
crashed
and
it
rebooted
anyway,
and
it
was
quick
sorry
about
that.
I
might
have
missed
the
the
previous
part
of
your
comment.
C
We
were
just
just
responding
to
the
chase's
comment,
but
yeah.
I
think
we
got
most
of
that
and
then
around
the
end.
E
Yeah
yeah-
and
I
also
I
I've-
lost
the
chat
history
because,
but
I
also
posted
the
other
ticket,
I
think
it's
4
50
and
4
51..
Hopefully
it's
there
and
once
again
I
would
love
for
volunteers
to
collaborate
on
the
the
451
as
well.
C
Okay,
do
you
do
you
have
any
thoughts
on
like
how
to
break
down
the
blocks
or
like
what
the
granularity
of
it
would
be.
E
A
great
question
I
do
so
what
I
would
like
to
do
is
maybe
just
put
out
a
document
and
I'll
attach
it
to
the
ticket
and
give
a
perspective
just
to
start
getting
feedback
and
input
on
how
we
can
take
it
from
there.
Yeah
sure.
I'm
happy
to
kick
that
off.
C
Yeah,
I
think
if
we
have
a
list
of
topics
and
then
we
could
get
some
interest
for
people
to
sign
up
for,
for
you
know
things
that
they
they
could
write
about.
That
would
yeah.
That
would
help
yeah.
C
Awesome
so
thanks
renee
do
we
have
any
other
topics,
any
other
discussion
that
we
want
to
have
today.
C
A
C
Yeah
and
and
also
we
have
a
six
security
session
as
well
at
cubecon,
so
on
drop
by
what.
C
Oh,
that
is,
it
is
on.
Let
me
look
it
up.
C
Cool,
if
not
hopefully,
you'll
see
most
people
next
week
during
comedy
day
security
day
excited
for
that
awesome.
Thank
you.
Everyone.