The Immediate and Lasting Benefits of TAG Security Assessments - Brandt Keller & Ben Hirschberg
Brandt Keller, Ben Hirschberg
KubeCon + CloudNativeCon Europe 2025 · Session
This talk, presented by Brandt Keller and Ben Hirschberg at KubeCon EU, delves into the critical role and tangible benefits of security assessments conducted by the Technical Advisory Group for Security (TAG Security) within the Cloud Native Computing Foundation (CNCF). The speakers highlight how these assessments serve as a vital mechanism for improving the security posture of cloud-native projects, fostering greater end-user confidence, and standardizing security practices across a rapidly expanding ecosystem. Keller, representing TAG Security, outlines the group's mission and the different assessment types, while Hirschberg provides a compelling case study from Kubescape, an incubating CNCF project, illustrating the immediate and lasting value derived from undergoing a self-assessment.
AI review
This talk, masquerading as a process overview, delivered a surprisingly honest and impactful case study. The speakers detailed how the CNCF TAG Security self-assessment led to the discovery of a critical, unauthenticated communication flaw in Kubescape, a project maintained by experienced security professionals. It's a blunt reminder that even the best teams overlook fundamentals, and a structured process can save your ass. This isn't just fluff; it's a real-world example of defensive process innovation that *works*.