From YouTube: Kubernetes SIG Security Assessments 20230228
A
All righty, why don't we go ahead and get started here? Looks like it's gonna be a pretty quick one, so yeah. I guess in terms of introductions, does anyone here want to introduce themselves?
A
All righty, so yeah, on the discussion, and the only point that I have is just a quick recap of the vSphere CSI driver meeting that we had yesterday.
A
It went really well, so it was just really an initial kickoff. We didn't end up starting any data flow diagram activity yet, it was really just, it was me, Grace, Sheng Yang, who is the, per the, staff engineer at VMware who owns that project, and also Robert Ficcaglia, as our sort of threat modeling, self-assessment Sherpa.
A
Who has, who has done this. He did the, he was present for the CAPI self-assessment, but has also, in his security consultancy, does this quite a bit. So it was, yeah, a good meeting. I think we had, you know, we came to a pretty, pretty solid understanding of how we want to work.
B
A
Poll Shing is going to share some sequence diagrams in our Slack channel, so that we can just start with kind of a, sort of a template, as it were, before we sort of plunge into drawing
A
flow diagram. We're going to focus on basically CRUD, unsurprisingly, is just sort of like the, some of the vanilla workflows that are used most frequently for the driver in terms of creating those persistent volumes. We're going to be, begin with the create workflow, again unsurprising.
A
So that's all really good stuff, and just, yeah, looking forward to, you know, being able to make, or to testify to, the security posture of, but yeah, an important part of how Kubernetes works. Robert's also going to review some of the past third-party audits to see if the CSI interface was discussed as well. So yeah, really productive meeting. The Doodle poll is out in the Slack channel.
A
Also, I should probably cross-post into SIG Security as well, and maybe TAG Security as well in the CNCF org, to, yeah, just socialize kind of what we're up to, and, you know, folks are welcome to drop in to either listen or to contribute, as they see fit. So that's my only real discussion topic, but yeah, Kalyn, I don't know if you, I know you've been busy with getting ready for KubeCon and talking about SIG Security, and yeah, love to hear anything that's up with you too. Yeah, I
B
updated the PR that's open for the documentation, and that's ready for another review about you, and then hopefully get a chair sign-off and get it merged. Awesome.
A
B
A
A
You did? Oh okay, so maybe it hasn't come through for, from GitHub for me. Okay, we'll have a, a, cool, awesome, thanks. Yeah, that's great. And yeah, I think that's basically, that's everything, certainly that I had. I'll update the notes here to reflect that discussion, and yeah, I don't think there's anything else. So I think we can keep it short and sweet today.
B
Awesome. Yeah, the only other thing I had was talking about forking the TAG Security self-assessment template so that we can work on it to be better suited to Kubernetes self-assessments as we learn more and iterate on it. And so that's something that I think doesn't have to be a part of this PR, because it'll just add to the, to, like, this just gets us visibility immediately. But, you know, if people are interested in a follow-up.
B
A
Excellent. No, I think that's a great idea, and I think, like, specifically forking what TAG Security has is a great way to, like, just show, like, continuity in terms of, like, the overall, like, yes, Kubernetes is a CNCF project and we sort of take
A
you know, what we do, you know, templating off of, of what the broader CNCF practices, I think is a really good, it's, it's just a good, community sort of driven way to do it. So hear, hear, yeah.
B
And now they're writing that, that book about it, so it, it's going to be like a template that a whole bunch of people in the cloud native here are familiar with, hopefully. Oh.
A
Is that, what, what's his name? He's, oh, he's an academic. Oh, I can see his face from when I have sat in the TAG Security meetings. He's really great. I forget his name. Anyway, I think he, but he's writing, like, it's a book. Let, it's like 60 pages, like, it's not super long. I think I
A
remember that. Anyway, to, let's see, the security, and so yeah, I'm definitely supportive of that, yeah, and would love to pair with you on that for sure. Awesome, great, very good. Like, someone joined and left real fast.