Security News > 2023 > May > Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs

Kubernetes Security Operations Center released the first-ever Kubernetes Bill of Materials standard.
While the Software Bill of Materials has moved forward to the point of being a formal part of the NIST requirements required by the USA federal government in federal purchases, this requirement falls short of the deployment stage in the application development lifecycle, where Kubernetes into play.
"Kubernetes is orchestrating the applications of many of the biggest business brands we know and love. Adoption is no longer an excuse, and yet from a security perspective, we continually leave Kubernetes itself out of the conversation when it comes to standards and compliance guidelines, focusing only on activity before application deployment," says KSOC CTO Jimmy Mesta.
"We are releasing this KBOM standard as a first step to getting Kubernetes into the conversation when it comes to compliance guidelines. We also hope others will join in to contribute so the practitioners running their business-critical apps on Kubernetes have practical tools to help with security," Mesta concluded.
For short-staffed teams where Kubernetes expertise is already in short supply, this standard view can also help achieve efficiencies, as security and platform engineering teams work quickly at a large scale to describe their Kubernetes environments to third parties.
One of the major barriers to interacting with any third party or stakeholder around adding security to a Kubernetes environment, is getting an accurate grasp on the scope of the environment itself.
News URL
https://www.helpnetsecurity.com/2023/05/10/kubernetes-bill-of-materials-kbom/
Related news
- Watch Out For These 8 Cloud Security Shifts in 2025 (source)
- Balancing cloud security with performance and availability (source)
- Avoiding vendor lock-in when using managed cloud security services (source)
- Why multi-cloud security needs a fresh approach to stay resilient (source)
- Cloud security gains overshadowed by soaring storage fees (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- Orbit: Open-source Nuclei security scanning and automation platform (source)