►
From YouTube: CNCF SIG Security 2020-05-20
Description
CNCF SIG Security 2020-05-20
A
B
B
C
B
D
B
B
B
D
Okay,
this
is
Mark
here,
mark
mania,
I'm
joining
from
arm
I'm
part
of
the
software
ecosystem,
development
group
at
arm
and
I'm
working
with
a
number
of
collaborators
in
the
industry
around
the
project.
That's
going
to
be
pitched
today.
Paul
is
our
technical
lead
on
that
project,
purchased
called
parsec.
Justin
Cormac
is
quite
familiar
with
that
project.
D
Having
been
part
of
the
founding
group
at
docker,
where
I
originally
started
as
well
so
I've
been
at
arm
for
about
five
weeks
now
and
prior
to
this
I
was
at
docker
working
alongside
Justin
in
a
business
development
role,
so
happy
to
be
here
and
I
actually
hoped
to
attend
these
sessions
a
little
more
in
the
future.
Thank
you,
oh
thank
you
mom.
So.
C
Wayne
Hebert
in
on
one
of
the
security
teams
at
gitlab
and
actually
similar
mark.
This
is
my
first
meeting
and
I
plan
to
attend
future
ones.
I
can
contribute
I'm.
Just
get
lab
is
really
happy
to
take
advantage
of
CN
CF
initiatives,
and
we
want
to
give
back
as
well
so
I'm
just
listening
in
today
to
learn.
A
E
B
B
B
D
D
B
D
D
B
G
I
F
B
G
F
E
F
Ok
well,
look.
We
can
have
that
discussion
on
the
issue
tracker.
We
need
to
do
more
than
just
it
shouldn't
be
one
person
pushing
something.
We
should
really
try
to
lay
out
the
pros
and
cons
and
like
to
collectively
come
to
a
reasoned
decision
about
what
to
do,
of
which
I
mean
the
option
is
to
stay
where
we
are,
but
obviously
it's
frustrating
for
me
to
call
in
and
try
to
attend
a
presentation
that
I'm
not
gonna
be
able
to
do
the
slides
on.
D
D
So
Paul
is
suggesting
that
we
consider
rescheduling
because
his
mobile
device
doesn't
have
enough
power
and
he's
gonna
have
to
use
his
phone
in
an
environment.
That's
a
little
bit
noisy
all
this
working
from
home
right.
There
he's
a
bit
he's
struggling
right
now,
try
to
get
everything
lined
up.
He
sent
me
the
deck,
but
I
haven't
received
it
yet
so
I
don't
know
if
it's
too
big,
but
he
says
frantically
trying
to
set
our
everything
up
all.
B
B
B
B
L
B
So
the
idea
here
is
to
create
somewhat
of
a
a
set
of
processes
that
will
map
onto
projects
in
the
CNCs
security
landscape
and
one
example
that
we
started
with
here
is
being
able
to
do
it
on
applications.
So
how
do
you
create
a
file
native
security
rather
application,
so
this
goes
should
a
pipeline.
In
fact,
okay
developers
commit
code
for
the
treads,
while
the
the
Prevention's
and
mitigations
and
so
on
right
and
the
other
part
of
it
that
we
think
that
is
also
equally
important.
Is
how
do
you?
B
How
do
you
express
this
information?
How
do
you
make
it
easily,
digestible
and
interpreter,
and
so
as
far
this
book
is
kind
of
creating
an
interface
which
makes
it
easy
to
navigate
these
items
so
eating?
It's
I
could
have
to
download
this
right
so
even
put
together
this
mock-up
and
PowerPoint
of
example.
What
the
landscape
would
look
like.
Do
you
want
to
take
it
from
here?
It.
L
This
pretty
much
was
trying
to
get
an
idea
on
when
you
say
you
wanted
that
to
be
interactive
on
what
you
mean
right,
so
that
this
is
a
prototype.
I
did
that
quickly
in
PowerPoint
to
show
that
that's
kind
of
the
user
experience
only
the
first
two
boxes,
clickable
based
on
from
the
PowerPoint.
You
have
Brendan
okay,
and
if
you
click
on
that
box,
I
click
for
more
details,
and
that
shows
up
in
that.
And
then,
if
you
click
on
the
closed
box
or
you
click
on
Cole
review,
you
will
go
to
Cole
review.
B
L
L
Animation
and
transition
is
an
easy,
quick
way
to
kind
of
get
a
prototyping
together
and
you
don't
have
to
mess
with
off
designing
it.
Oh
yeah,
you
can
even
do
video
clips
within
PowerPoint
I
did
one
of
money
across
Hajer
via
PowerPoint
I.
Don't
have
those
you
know,
cause
million
dollar
type
of
video.
B
L
B
L
L
But
if
you're,
like
all
the
boxes
or
this
material
gonna
be
change
frequently,
then
you
will
have
to
want
to
design
a
web
app
that
is
data-driven
and
have
design
agree
funds
separately
from
there
and
then
wherever
data
you
plug
in
there's
much
more
upfront
development,
but
then
for
the
longer
run.
If
you
expect
to
like,
for
example,
quickly
at
another
box
in
this
flow
as
an
example,
then
you
don't
need
to
deal
with
the
front
ends
I
of
it.
L
B
B
B
A
B
B
It
should
be
kind
of
putting
out
the
content,
I
think
B.
We
came
up
with
a
few
ideas
right,
so
so
I
think
there
would
be
a
couple,
so
I
think
that
there's
two
parts
of
it
one
of
it
is
there
will
be
a
couple
processes
like
how
do
you
set
up
the
infrastructure
securely
and
then
one
is
hardly
developer,
AB
securely
and
then
once
maybe
logging
a
monitoring
and
things
like
that.
B
M
B
F
Will
say
that
at
a
high
level,
our
goal
here
is
who
organizes
by
the
steps
that
are
occurring
in
a
normal
like
application
deployment
life
time,
and
so,
if
there's
things
that
we're
missing
there
or
things
that
you
know
need
to
be
expanded
on
or
done
differently
there.
That
would
be
really
helpful
to
see,
because
that
sort
of
like
be
the
the
prim,
the
organizing
principle
is.
We
is
to
put
things
that
way,
because
then
it's
very
easy
to
tell
where
security
systems
go,
because
they
either
are
aren't
used
at
different
steps.
F
K
To
finally
make
it
by
Brandon,
I
am
so
I
am
so
sorry
key
to
to
everyone
for
the
hassle.
I
have
no
idea
what
happened,
but
pretty
much
every
way
I
tried
to
get
into
the
zoom
meeting.
Despite
having
joined
this
meeting
before,
despite
having
the
client
on
my
machine,
it
was
not
letting
me
in
that
the
route
that
eventually
worked
was
signing
in
with
Facebook
believe
it
or
not.
So
so
so
he
eventually,
let
me
in
was
a
Facebook
user.
H
N
K
K
K
B
K
B
B
All
right
so
I
think,
let's
see
whether
there's
any
other
issues
to
talk
about
I,
think
Emily
and
I,
and
the
were
looking
at
some
issues
and
marked
some
issues
and
in
the
end
get
up
to
say.
You
knows
what
are
some
of
the
good
things
that
we
feel
like
new
members
could
take
a
look
at
I
think
we
will
cover
that
in
the
next
working
session.
I,
don't
think
that's
right
here.