Date: Wed, 23 Mar 2022 00:18:27 +0000
<p>ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO <a href="https://www.linkedin.com/in/sandeep-lahane-b9520a4/">Sandeep Lahane</a> and head of products/community <a href="https://twitter.com/owengarrett">Owen Garrett</a> join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://kubernetespodcast.com/episode/171-parca/">Episode 171, with Frederic Branczyk</a></li> <li><a href="https://twitter.com/ahmetb/status/1441863204578095106">Ahmet Alp Balkan’s coffee beans</a></li> <li><a href="https://en.wikipedia.org/wiki/French_press">French press</a></li> <li><a href="https://en.wikipedia.org/wiki/Moka_pot">Moka pot</a></li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://go.dev/blog/go1.18">Go 1.18 released</a> <ul> <li><a href="https://cloud.google.com/blog/products/gcp/go-1-18-and-google-cloud-go-now-with-google-cloud"> Go now with Google Cloud</a></li> </ul> </li> <li><a href="https://etcd.io/blog/2022/etcd-integrates-continuous-fuzzing/">Continuous fuzzing in etcd</a></li> <li><a href="https://www.veritas.com/news-releases/2022-03-16-kubernetes-an-achilles-heel-in-defense-against-ransomware-attacks"> Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks</a></li> <li><a href="https://www.armosec.io/blog/nsa-cisa-kubernetes-hardening-guide/">ARMO’s changelog for the NSA/CISA hardening guide</a> <ul> <li><a href="https://www.armosec.io/blog/kubescape-the-first-tool-for-running-nsa-and-cisa-kubernetes-hardening-tests/"> KubeScape</a></li> </ul> </li> <li><a href="https://www.cncf.io/announcements/2022/03/15/new-cloud-native-developer-bootcamp-provides-a-clear-path-to-cloud-native-careers/"> Cloud Native Developer Bootcamp</a> <ul> <li>Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this</li> </ul> </li> <li><a href="https://blog.plural.sh/announcing-plurals-6m-seed-round/">Plural launches with $6m seed round</a> <ul> <li><a href="https://news.ycombinator.com/item?id=30710481">Launch HN post</a></li> </ul> </li> <li><a href="https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/"> Speed boost on Docker Desktop for Mac</a></li> <li><a href="https://www.vesselfinder.com/vessels/EVER-FORWARD-IMO-9850551-MMSI-477624800"> Track the Ever Forward</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://deepfence.io/">Deepfence</a></li> <li><a href="https://deepfence.io/threatmapper/">ThreatMapper</a>: the open source project</li> <li><a href="https://deepfence.io/threatstryker/">ThreatStryker</a>: the commercial product</li> <li>A failed startup story <ul> <li><a href="https://en.wikipedia.org/wiki/Heartbleed">Heartbleed</a></li> <li><a href="https://en.wikipedia.org/wiki/Buffer_overflow">Buffer overflow</a></li> <li><a href="https://github.com/google/sanitizers/wiki/AddressSanitizer">Address Sanitizer</a></li> <li><a href="https://en.wikipedia.org/wiki/Software_Guard_Extensions">Intel SGX</a></li> <li><a href="https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md"> Chrome sandbox</a></li> <li><a href="https://en.wikipedia.org/wiki/Intel_MPX">Intel MPX</a></li> <li><a href="https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)">Spectre</a> and <a href="https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)">Meltdown</a></li> </ul> </li> <li><a href="https://nginx.com/">NGINX</a> (the company)</li> <li><a href="https://ebpf.io/">eBPF</a></li> <li><a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a></li> <li><a href="https://deepfence.io/milestone-announcing-our-9-5m-series-a/">Deepfence’s Series A announcement</a></li> <li><a href="https://en.wikipedia.org/wiki/Shift-left_testing">Shifting left</a></li> <li><a href="https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies">Behind 2 proxies</a></li> <li><a href="https://attack.mitre.org/">MITRE ATT&CK matrix</a></li> <li><a href="https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html"> Cyber Kill Chain</a></li> <li><a href="https://github.com/deepfence/ThreatMapper">ThreatMapper on GitHub</a></li> <li><a href="https://deepfence.io/new-release-threatmapper-1-3-0/">What’s new in ThreatMapper 1.3.0?</a></li> <li><a href="https://twitter.com/deepfence">Sandeep Lahare</a> and <a href="https://twitter.com/owengarrett">Owen Garrett</a> on Twitter</li> </ul>