A Look Under the Hood of CNCF Security Audits

May 01, 2023 31 min Free

Description

In this talk, Adam and David from Ada Logics present their experiences with auditing CNCF projects. They detail how security audits progress, what projects should expect, and the outcomes observed so far. The presentation covers the common vulnerabilities found and the requirements for completing third-party security audits, and it examines specific projects such as Flux, CRI-O, KubeEdge, Argo, Istio, and Cilium. The talk also explores how audit reports can benefit contributors, adopters, and security researchers.