This paper from John Lambert shows how a community-based approach of infosec can speed up learning for defenders. The tools are already there: attack knowledge curated in the MITRE ATT&CK framework, detection definitions expressed in Sigma rules, and repeatable analysis written in Jupyter notebooks form a stackable set of practices. If organizations were to contribute and share their unique expertise using these frameworks, and organizations were in this way to build on the expertise of others, defenders in every organization would benefit from the best defense in any organization.

This blog post from the CNCF examines how audit logs are configured and used in the Kubernetes world, what valuable information they contain, and how they can be utilized to enhance the security of a Kubernetes-based data center.

If you are an OPA (Open Policy Agent) user, then you won't want to miss their recap on the OPA happenings at KubeCon 2019. Within the article, many good talks are listed: from how Pinterest uses OPA, to how Chef uses OPA to implement IAM in Chef Automate, and how Goldman Sachs uses OPA to do policy-based provisioning in Kubernetes.

Two of the biggest GitOps projects (Argo CD and Flux CD) are joining forces to create the ultimate GitOps solution. The first step on this journey is the GitOps Engine, which will be responsible for access to Git repositories, Kubernetes resource cache, manifest generation, resources reconciliation, etc.

An enterprise friendly way of detecting and preventing secrets in code. However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backwards compatible, systematic means of preventing new secrets from entering the code base, detecting if such preventions are explicitly bypassed, and providing a checklist of secrets to roll, and migrate off to a more secure storage.

In this post, Hashicorp shows how to use, audit, and enforce policies on a SSH certificate authority workflow with Vault.

This blog post is about how you can avoid any static secrets inside your infrastructure as code using Terraform and Vault’s dynamic secrets, and provides an example of Vault-generated dynamic secrets deployed via Terraform.

Lyft just announced the initial open source release of omnibot: a Slack proxy, and Slack bot framework. Ultimately, omnibot is a Slack-specialized HTTP proxy. You can point all Slack apps at omnibot for event subscriptions, slash commands, and interactive components. omnibot routes those events to configured callbacks, whether the callbacks are within omnibot, or in another backend service.

EnvoyProxy v1.12.2 has been released to address 3 vulnerabilities: 1 Critical (CVE-2019-18801), and 2 High (CVE-1019-18802, CVE-1019-18838). Update if you are impacted.

More than 70 AWS services now have a dedicated “security” chapter in their documentation. See the full list!

Google recently published some guidance on how to collect and analyze forensic data in GKE, and how best to investigate and respond to an incident.