Perform a security audit on k8s with a vendor and produce as artifacts a threat model and whitepaper outlining everything found during the audit.
- SIG Auth
- Regular WG Meeting: Mondays at 12:00 PT (Pacific Time) (weekly). Convert to your timezone.
- Aaron Small (@aasmall), Invitae
- Craig Ingram (@cji), Stripe
- Jay Beale (@jaybeale), InGuardians
- Joel Smith (@joelsmith), Red Hat
Trail of Bits and Atredis Partners, in collaboration with the Security Audit Working Group, have released the following documents which detail their assessment of Kubernetes security posture and their findings.
- Sensitive communications regarding the audit should be sent to the private variant of the mailing list.
The RFP was open between 2018/10/29 and 2018/11/30 and has been published here.
The RFP is now closed. The working group selected Trail of Atredis, a collaboration between Trail of Bits and Atredis Partners to perform the audit.
You can read more about the vendor selection here.