In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Thursday, October 14 • 5:25pm - 6:00pm
Keeping Up with the CVEs: How to Find a Needle in a Haystack? - Pushkar Joglekar, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
An end user team bought a new product that ships as a set of container images. Their CISO requests a scan of the images before going live. The internal scan, to everyone’s surprise results in 314159 vulnerabilities. The CISO is furious & rejects any claims that the scanner is faulty, since it worked fine for VM images. After multiple back and forth exchanges with the product’s vendor, the vast majority of the detected vulnerabilities are false positives / do not have a fix / are not in the code execution path. Everyone breathes a sigh of relief until a few weeks later, the same thing happens for another product & the story repeats itself. It does not have to be this way! In this talk using the Kubernetes images as an example we will unravel how vulnerability scanners work, their blind spots and discuss how to implement a practical approach that allows end users to assess product’s security not by the raw vulnerability numbers & severity but by the risk it poses to their environment.

avatar for Pushkar Joglekar

Pushkar Joglekar

Cloud Native Security Engineer, Independent
Pushkar Joglekar wears multiple hats in the community as: CNCF Security - TAG Co-Chair & Kubernetes SIG Security Tooling Sub-Project Lead to “Make Kubernetes Secure For All”. Since 2019, he feels incredibly fortunate to have written the security chapters in Nigel Poulton’s “The... Read More →

Thursday October 14, 2021 5:25pm - 6:00pm PDT
Room 408 AB + Online