Back To Schedule
Tuesday, May 1 • 09:15 - 09:45
What's so hard about vulnerability scanning? - Liz Rice, Aqua Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
A dive into what's easy - and what's not so easy - about finding and patching security vulnerabilities in droplets and containers

When a vulnerability, like the recent Meltdown, gets disclosed, the race is on to patch your code - and in a containerized deployment like PCF or PKS, you may have many thousands of instances that need updating. Typically, organizations use an image scanner to identify affected droplets or containers.

At first glance vulnerability scanning seems as though it should be a simple matter of cross-referencing a list of software packages with a list of known vulnerabilities, such as the National Vulnerability Database. This talk dives into why identifying vulnerabilities is a harder problem than you might at first imagine. We'll cover questions such as:

 * How does droplet scanning work?

 * Why does your Linux distribution(s) matter for vulnerability detection?

 * What's the difference between detecting vulnerabilities and malware?

There will be examples of false positives, how they get generated and what you can do about them.

If you have ever wondered how image scanners work, or if you're concerned about keeping your droplets and containers up-to-date with the latest patches, this talk is for you. 

avatar for Liz Rice

Liz Rice

VP Open Source Engineering, Aqua Security
Liz Rice is VP Open Source Engineering with cloud native security specialists Aqua Security. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has... Read More →

Tuesday May 1, 2018 09:15 - 09:45 BST

Attendees (8)