The Cloudcast #260 - Securing Container Workloads

Aaron and Brian talk with Randy Kilmon (VP of Engineering at @black_duck_sw) about the open source vulnerabilities, securing containers and managing the lifecycle of rapidly changing software. Show Links: Get a free book from O'Reilly media or use promo code PCBW for a discount - 40% off Print Books and 50% off eBooks and videos Black Duck Software Homepage [blog] 3 Steps to Building Container Security [blog] Black Duck’s Open Source Security report Show Notes: Topic 1 - Welcome to the show. Tell us a little bit about your background and your areas of focus at Black Duck Software. Topic 2 - For anyone that’s not familiar with Black Duck, what role does Black Duck play in looking at open source licensing vs. actively helping with security and vulnerabilities? Topic 3 - One of your areas of focus is containers and container security. Obviously containers is top of mind for lots of people. What’s the reality of container security and what are the areas where people should focus their attention? Topic 4 - Let’s talk about “pre-container” (developers) security vs. “post-container” security (operations). What are the “gates” applications should be going through, and where are people making mistakes today? Topic 5 - Can we talk about managing security in the container vs. security in the host? Topic 6 - We have a number of listeners that are going down a journey with containers, either directly (e.g. Docker) or via PaaS platforms (e.g. Cloud Foundry, OpenShift, etc.). What’s your guidance to them? Feedback? Email:show at thecloudcast dot net Twitter:@thecloudcastnet YouTube:Cloudcast Channel FEEDBACK?Email: show @ the enterprise ai show dot comeBluesky: @EntAIShow.bsky.socialTwitter/X: @TheEntAIShowInstagram: @TheEntAIShow