KubeCon 2024
Salt Lake City, Utah
Come meet our team at Booth S53! Let’s chat about how TestifySec’s automated governance framework secures software supply chains and streamlines FedRAMP compliance. With automated evidence collection and policy enforcement, we make auditing seamless at any point in the SDLC. Grab some swag and enter to win a drone, Kubernetes starter kit, and more. Want to set aside dedicated time? Hit the button below to schedule a meeting!
Mission Impact: Open Source Unleashed
Join us on November 12 for "Mission Impact: Open Source Unleashed" at Weber State Davis Campus. This half-day event brings together public sector professionals and industry experts to explore open-source software, cybersecurity, and secure software supply chains. Gain insights, network with leaders, and discover innovative solutions for government and enterprise environments.
Don't miss out—sign up on Eventbrite today to reserve your spot!
BoF: AI Training in Kubernetes BoF - Marlow Weston, SchedMD; Ricardo Rocha, CERN; Alex Scammon, G-Research; Frederick Kautz, TestifySec
In this talk, we will lead you down the rabbit-hole of AI training in Kubernetes, where idealism and reality meet. We are not here to feed you tales of digital utopia. We are here to discuss what needs to change. Can Kubernetes be taught to handle the monstrous loads of large-scale AI training? Join a diverse group of engineers, AI researchers, and Kubernetes veterans to learn what problems need to be solved for optimal AI training within Kubernetes. We will discuss solutions and challenges within this space and do comparisons between HPC systems and Kubernetes. Topics will include fine-grained resource control, scheduling, networking, and storage. If you think you can handle the unvarnished truth about Cloud Native AI, come armed with questions, war stories, and a tolerance for the absurd. Just be prepared to leave with more questions than answers, and maybe, if you are lucky, a sliver of insight.
Keynote: Open Source Security Is Not A Spectator Sport
Justin Cappos, Professor, NYU
Santiago Torres Arias, Assistant Professor, Purdue University
The CNCF has been a trailblazer in resilient open source software security by enabling innovation, coordination and community building. We will highlight some of the efforts and resources provided by TAG Security including security assessments for CNCF projects, one of the first supply chain security recommendations, A Reference Architecture to Securing the Software Supply Chain, and the Cloud Native Security Whitepaper.
We’ve done this all by fostering an open and welcoming community of security professionals. Come and join our community and help us improve cloud-native security for all!
Secure Release Processes with in-toto Policy Verification
Ensuring software releases adhere to expected processes is crucial for both open-source projects and enterprise software. The in-toto project offers a solution by creating attestations for each step, providing verifiable evidence of compliance. Over the past five months, community contributors have worked to enhance the definition and capabilities of in-toto layouts to enforce policies for these attestations. This presentation will showcase the results of this effort, demonstrating how to create flexible policies for any software development lifecycle (SDLC) process, from source code commit to production release. We will explore how to formulate policies that verify attestations for code reviews, SBOM integrity, testing, vulnerability scans, build provenance (such as SLSA), and more. Join us to learn how to ensure your software development process is compliant and secure.
Our Team
We are an engineering-led organization that is focused on providing the best security solutions for our clients. These are the faces from TestifySec you'll see at KubeCon 2024!