Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs
Kubernetes Security Operations Center released the first-ever Kubernetes Bill of Materials standard.
While the Software Bill of Materials has moved forward to the point of being a formal part of the NIST requirements that the US federal government applies to federal purchases, this requirement falls short of the deployment stage in the application development lifecycle, where Kubernetes comes into play.
"Kubernetes is orchestrating the applications of many of the biggest business brands we know and love. Adoption is no longer an excuse, and yet from a security perspective, we continually leave Kubernetes itself out of the conversation when it comes to standards and compliance guidelines, focusing only on activity before application deployment," says KSOC CTO Jimmy Mesta.
"We are releasing this KBOM standard as a first step to getting Kubernetes into the conversation when it comes to compliance guidelines. We also hope others will join in to contribute so the practitioners running their business-critical apps on Kubernetes have practical tools to help with security," Mesta concluded.
For short-staffed teams where Kubernetes expertise is already in short supply, this standard view can also help achieve efficiencies, as security and platform engineering teams work quickly at a large scale to describe their Kubernetes environments to third parties.
One of the major barriers to interacting with any third party or stakeholder around adding security to a Kubernetes environment is getting an accurate grasp of the scope of the environment itself.
News URL
https://www.helpnetsecurity.com/2023/05/10/kubernetes-bill-of-materials-kbom/