This week's articles
AWS Ramp-Up Guide: Security
A guide that can help you prepare for the "AWS Certified Security - Specialty" certification exam.
Kubernetes Security For CISOs
The top five security measures that CISOs should be thinking about for any Kubernetes implementation.
SBOMs are just a means to an end
The industry movement towards SBOMs needs material interventions to be usable at scale for exceedingly basic use cases. This post hopes to begins a discussion at the industry level that brings us closer to our desired state and to challenge the notion of what that desired state even is.
Announcing the Auto-refreshing Official Kubernetes CVE Feed
A long-standing request from the Kubernetes community has been to have a programmatic way for end users to keep track of Kubernetes security issues (CVEs). Accompanying the release of Kubernetes v1.25, such feed
is now an alpha feature.
Open Source Software (OSS) Secure Supply Chain (SSC) Framework
This guide outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer's workflow. This paper is split into two parts: a solution-agonistic set of practices and a maturity model-based implementation guide.
Azure Active Directory Pass-Through Authentication Flaws
Secureworks researchers analyzed how the protocols used by Pass-Through Authentication (PTA) could be exploited. The result? A compromised PTA agent certificate gives threat actors persistent and undetectable access to a target organization.