From YouTube: CNCF SIG Security Meeting 2019-10-09
A
I'm also hoping that we can get at least one or, ideally, two people to sign up as scribes. This will probably be a pretty easy meeting to be a scribe for, because I think we're only going to have a few quick topics, it looks like, on the agenda. So if anyone has been hesitant about being a scribe before, concerned about that process, then now is probably a good starter meeting to jump in.
A
A
B
We had, we had a meeting with the TOC in terms of click, planar identify projects for assessment. I think we got a consensus in the, in the sense of what we have. One thing will be sensitive to this. If there is a, there's not a clear agreement of taking a project from TOC standpoint, I think that's a clear no from putting in effort and investment on that, but otherwise we will do it on a case-to-case basis in terms of consulting with us.
B
So that's the corrupt, the, a understanding that we walked away with from Judas. Other than that, I have this spinning task of working with Hobbit to bring all the policy document into our repo. I will try and work through that with them. There's an open issue there. What people should expect and see for is like one single place where they can see things about SIG Security and then different working groups within SIG Security for different areas of the problem. They assessment policy in dot dot dot. So that's, it's mostly. They obey that I have.
A
OK, so I had a, we were working on a few things related to TUF and in-toto. Just to keep it really brief: we're working towards graduation of TUF. I think we're just waiting for the TOC to call a vote on that, and in-toto is moving increasingly closer to incubation. So we should also have something in front of the TOC for that in the not-too-distant future, and then a few weeks hopefully, and we'll be able to present it at an upcoming meeting.
C
Hey guys, nothing to do from the NIST Big Data Working Group, although we do have approval from NIST for Volume 4 on security and privacy, so it should be an official announcement sometime before the end of the year. I'm gonna put into the chat the, a request for review of the key management document from NIST. That's something that I don't know if we talked about too much in this group, but it's something we should keep on our radar. Good for me.
C
E
D
D
F
Sure. So, yes, we're, we have a waitlist running for the SIG Security Day as well. So if you weren't able to get in, make sure you add yourself to the waitlist. I want to say we'll have probably about 40 tickets we're able to release once we confirm the setting for the larger room. On other news, I'm working on, should be submitting probably later today, the pull request to request Falco incubation.
A
H
Hi, so a couple of dates: mom from like the security and of what I'm doing the container. The support for contained encryption was much like two weeks and was released at one point three. So at some point, I will write something about it and maybe give a temple to the group. Other than that, my group has been exploring Intel sec, l, libraries. This is kind of like something new.
H
A
I
I'll manage is catching up. I've been traveling for several weeks too long. I'm good, I'm not travelling for the next month, so I've got some bandwidth to do some bits and pieces. Michael, if unions, if you need any final bits for the Falco presentation, like judo and sort of numbers gathering for anything, let me know, I'm, or if there's things that would be useful for the SIG Security stuff, I can definitely help out a bit in the next month. Great.
A
J
Management of hardware security devices and encryption, so TPM and other related things. So it's called Parsec and it's very early stage, but it's, we're working on budget integrations with, for example, with SPIFFE for that, and it might be of interest to people in the cloud mates space. They think me if you're interested.
A
A
A
B
G
So we presented the assessment done for OPA, as well as the review of the assessment as done by the review team. We have, we presented a single slide. We can link to that, and also we have a PR open, which we linked to last week in the, in the comments, where people can add their comments and give us any feedback. So that's pretty much, we are waiting on, right now, any feedback from the community on that, er, related to the assessment itself, as well as the review. Justin, if you want, you can add more this.
A
No, that, that's my understanding as well. I was, yeah, and I, I do, I do want to say that I think that, for those who weren't there, and also I think we discussed this last week, but I think the, the process of having the project, as someone from the project, like Ash in this case, present part of it and someone from the assessment team, which was Sarah in this case, presenting part of it actually worked very well.
A
F
We were undergoing something new, we're calling it the, I'll share my screen and just, sorry, let me pull it off. We're calling it the security hub or maybe the clock. Of course, a dog starts barking as I start presenting, right. So it's called the Cloud Native Security Hub and the idea is that you can kind of have, it's kind of like the Operator Hub, if you've seen the Operator Hub, and with this, the idea is that you can have Falco rules, but also you could have things like pod security policies.
F
If you already have the Falco Helm chart installed, you can just run a helm upgrade and passing the rules, but then we're also thinking of, for Falco, or maybe going down the route of building like a CTL tool, so like maybe Falco CTL, to manage the rules, or some other tool like that. And I'm going to pause and take a breath while people can comment and I can get this dog to be quiet.
I
F
Because we could, we could store those the exact same, that, the regular files up here in the security hub. You could even have things like a place for, like, admission controllers and the validating webhooks and stuff like that. So you can have a centralized location, at least, where you can find them all, right, and even in being a directory as useful. Yeah.
I
I also like the generic security hub. Conversations today may Polly for me on that into gap, delivery about like Operator Hub and Helm Hub and the risk of having, like, it's sort of like from an application standpoint: oh, where do I go get, tamiya, get my applications with communities? And the answer is it's spread out, and this talk of Operator Hub being policy as the NCS, and then there's suddenly this two of them within the same banner. So.
I
I
F
F
I
I
F
E
E
G
A
Yeah, I think similar to how the supply chain compromise situation was handled, I think that is being moved over. We, at least that would be something that would, I think, be a model that maybe the chairs or others should discuss, is like, what's the way that we should take resources like this? Mm-hmm. Maybe that's something, I don't know, to be surfaced. Doesn't it item next week after everybody's had a chance to think through it. Yeah.
F
I mean, that would be an interesting thing, is that if it be a SIG Security sponsored project or fact project, and then members of SIG Security from the different CNCF projects could contribute to it. That's by, I mean, we'd be happy to talk about that route, but then it just being an independent thing that all the projects work on together, we're happy with that as well. So.
B
D
B
B
A
C
That's why here, so pardon my cold. The friend of mine was a gun joined last week and I missed last week's. Like, looks like from the notes he didn't show up. He's working with somebody in the OpenTelemetry group and I wondered if any of us have already contacted them, because there's, you know, connection to what we're doing for security logging and forensics, and they're trying to move that group for it, as I understand it.