►
From YouTube: CNCF SIG Security 2020-11-11
Description
CNCF SIG Security 2020-11-11
A
B
C
C
B
B
C
It
was
just
kind
of
weird
timing
because
we
didn't
have
last
week's
one
because
of
election
election
day
and
then
we
have
to
pronounce
thanksgiving.
So
I
think
we
wanted
to
kind
of
just
sync
up
really
quickly
before
everyone
forgets
about
us
and
okay.
I
think
the
main
agenda
item
we
have
is
from
renee
today.
So
let's
wait
a
couple.
B
B
B
B
Basically,
they
explaining
what's
what
checks
are
and
what
you
can
do
and
how
you
can
enable
the
things
like
part
of
this,
like
a
files
in,
for
example,
using
us
for
us
and
some
things
like
assass,
for
example,
using
something
that
you
can
also
enable
for
as
a
part
of
git,
and
I
think
it's
free
for
open
source
projects
which
all
they
seems
to
be
good
practices.
I
think
we
should
encourage
doing
something
like
this.
C
C
E
C
C
C
F
I'll
jump
in
real,
quick,
hi
everybody,
I'm
altas
here,
calling
in
from
toronto
in
canada.
I
work
for
a
company
called
security
compass
and
we're
all
about
sort
of
security
and
trying
to
help
devops
teams
move
quickly
and
making
sure
that
security
doesn't
slow
them
down.
So,
looking
forward
to
working
with
you
guys
on
this.
F
G
G
H
C
E
Hey
thanks
thanks
brandon
hello.
Everyone,
as
you
all
know
that
we've
been
hard
at
work
at
this
security
white
paper
and
I
think
the
light
is
at
the
end
of
the
tunnel,
and
I
think
it's
it's.
I
think
for
all
practical
purposes.
It's
done
so
I
I
you
know
I
was
throwing
around
an
idea
which
is
how
about
if
some
of
the
authors
of
the
paper
did
a
webinar,
and
it's
almost
like.
E
I
know
it's
not
like
a
fireside
chat,
but
it's
almost
like
a
roundtable
kind
of
a
format
where
we
highlight
the
various
salient
aspects
of
it
and
to
truly
provide
some
kind
of
a
perspective
from
thought
leaders
and
the
industry
from
their
learnings
as
it
applies
to
those
various
aspects
and
dimensions
of
security,
as
it
pertains
to
cloud
native
workloads
that
we
have
outlined
in
the
paper,
and
I
think
some
of
those
are
very,
very
beneficial.
As
we
all
know,
we've
seen
it
done
at
kubecon
and
other
other
events.
E
So
I
thought
how
well
what
if
we
floated
the
idea
to
actually
pull
together
such
such
an
event,
to
really
amplify
the
message
of
the
cloud
native
security
paper
across
across
the
community
and
the
industry,
and
so
I
wanted
to
bring
that
up
and-
and
I
know
as
we
do
always-
I've
cut
a
ticket
for
it
and
it's
there
in
the
document
today.
But
if
you'd
like.
Let
me
just
quickly
grab
a
link
to
that
and
then
I'll
post
it
here
in
the
chat.
E
So
if
you're
interested,
please
feel
free
to
call
it
out
in
the
in
the
in
the
ticket
and
we'll
see
how
we
can
move
that
forward.
But
you
know
the
the
whole
intention
is
to
you
know,
bring
some
of
the
authors
together
to
really
really
talk
about
some
of
the
salient
aspects
as
we
talk
about.
In
my
mind,
the
way
I've
started
to
think
about
this
is
two
dimensions.
E
One
is
the
environment
perspective
where
we
talk
about
compute
access,
storage,
runtime
and
then
the
application
life
cycle
where
we
talked
about
you
know,
develop,
distribute,
deploy
and
to
really
really
just
reiterate
that
message
as
we
move
this
forward.
So
I
don't
know
brandon
if
we
should
have
the
discussion
here,
but
the
ticket
is
cut,
so
we
should,
if
you're
interested
to
talk
about
it.
Definitely
please
call
call
yourself
out
on
the
ticket,
so
so
that
is
one
it's
a
very,
very
short
request:
kind
of
update.
C
I
think
I
think
that's
cool
and
it's
definitely
gonna
help
socialize
to
the
white
paper
a
lot
just
just
kind
of
just
when
you
talked
about.
I
was
thinking
that
maybe
we
could
see
whether
we
can
try
and
have
a.
I
I'm
not
sure
what
platform
that
you're
thinking
about,
but
I
was
thinking.
Maybe
if
you
could
get
a
thought
on
the
cncf
webinars.
I
think
that
would
be
cool.
E
E
Had
you
know,
kicked
off
an
effort
to
actually
have
a
kubernetes
perspective
right,
a
kubernetes
perspective
on
the
cloud
native
security
white
paper
that
we
will
that
I
think
it's
already
underway.
I
think
it's
already
written
and
going
to
be
published.
So
what?
But?
What?
Once
again,
I
thought
about.
You
know
one
of
the
themes.
As
you
know,
it's
this
paper
is
37
pages
long.
E
But
we
want
practitioners
to
actually
take
a
lot
of
these
concepts
and
actually
apply
it
in
their
different
environments
and
for
their
use
cases.
So
to
take.
I
don't
know
how
we
can
slice
and
dice
it.
Maybe
two
three
four
blogs:
something
like
that,
but
go
a
little
bit
deeper
into
the
best
practices
and
to
really
help
move
the
needle
and
help
people
who
are
either
new
or
practitioners
who
are
struggling
with
different
kind
of
concepts
to
get
a
a
slightly
deeper
perspective,
to
truly
take
a
lot
of
these
concepts
and
operations.
E
So
so
that
was
the
motivation
and
thought
around.
The
second
mini
slash,
microblog
series
and
fundamentally,
as
you
can
see,
I
think
the
general
motivation
is.
I
I
think
the
all
of
us
at
security
have
done
such
a
tremendous
job.
This
is
truly
a
phenomenal
product
and
to
see
once
again
how
we
can
help
evangelize
and
amplify
that
message
across
the
community.
C
So
I
hope
I
wish
sarah
was
here
for
this,
so
a
while
back.
You
know
there
was
kind
of
this
idea
of
having
a
security
website
where
you
could
kind
of
get
the
resources
together
and
I'm
not
sure
whether
you're
thinking
about
it.
In
terms
of
like
a
blog
on
other
platform
or
whether
you
know
six
security
itself
can
have.