The Cloudcast

The Cloudcast #260 - Securing Container Workloads

July 20, 2016 Aaron Delp and Brian Gracely
Aaron and Brian talk with Randy Kilmon (VP of Engineering at @black_duck_sw) about open source vulnerabilities, securing containers, and managing the lifecycle of rapidly changing software.

Show Notes:
  • Topic 1 - Welcome to the show. Tell us a little bit about your background and your areas of focus at Black Duck Software.
  • Topic 2 - For anyone that’s not familiar with Black Duck, what role does Black Duck play in looking at open source licensing vs. actively helping with security and vulnerabilities?
  • Topic 3 - One of your areas of focus is containers and container security. Obviously containers are top of mind for lots of people. What’s the reality of container security and what are the areas where people should focus their attention?
  • Topic 4 - Let’s talk about “pre-container” (developers) security vs. “post-container” security (operations). What are the “gates” applications should be going through, and where are people making mistakes today?
  • Topic 5 - Can we talk about managing security in the container vs. security in the host?
  • Topic 6 - We have a number of listeners that are going down a journey with containers, either directly (e.g. Docker) or via PaaS platforms (e.g. Cloud Foundry, OpenShift, etc.). What’s your guidance to them?