Open source information / Kubernetes /
text

2023 Kubernetes Security Report: Investment and Adoption Mismatch

Source: OSCHINA
Edit: Boiled water without sugar
2023-04-22 07:25:35
zero
[Live Preview] How come Rust has not replaced C/C++for nearly ten years?

Red Hat's 2023 Kubernetes Security Report is now available release , focusing on the specific security risks faced by organizations in cloud native development; It includes the risks faced by its software supply chain, and how to reduce these risks to protect its applications and IT environment. Based on a survey of 600 DevOps, engineering and security professionals around the world, the report reveals some of the most common security challenges faced by organizations in the process of cloud native adoption and their impact on business. And provides application development and security teams with best practices and guidelines that can reduce their security risks.

Some noteworthy findings include:

Mismatch between investment and adoption

The adoption rate continued to grow, but the security investment did not grow at the same time; Safety is still one of the biggest problems in container adoption. 38% of the respondents said that the security issues were not paid enough attention or the security investment was insufficient, an increase of 7% compared with 2022.

Red Hat believes that cloud native solutions need cloud native security solutions, and these solutions can (and should) usually include the DevSecOps method. The IT team needs to focus on selecting and implementing security tools that provide feedback and barriers in the CI/CD application pipeline and infrastructure pipeline. It is recommended that organizations invest in cloud native tools with built-in security to bridge the gap between investment and adoption, rather than using them as add-on components.

Security issues hamper business outcomes

For security reasons, 67% of respondents had to Delay or slow down The adoption of cloud native. More than half of the respondents have experienced software supply chain problems related to cloud native and container development in the past 12 months.

Worse still, Cloud native security event It may cause serious business impact. 21% of the respondents said that the security incident led to the dismissal of employees, and 25% of the respondents said that the organization was fined. In addition to obvious employee impact, it may also lead to the loss of valuable talents, knowledge and experience from the entire IT organization. 37% of respondents believe that the loss of revenue/customer is caused by the container and Kubernetes security incidents.

By prioritizing security in the early stages of the cloud native strategy, organizations can protect business assets, meet regulatory requirements, promote business continuity, maintain customer trust, and reduce the cost of fixing security problems.

Concerns about software supply chain security

The focus on software supply chain security has never been higher. Sonatype reports that In the past three years, the average annual growth rate of software supply chain attacks has reached an astonishing 742%. The three issues most concerned by survey respondents are vulnerable application components (32%), insufficient access control (30%) and lack of software bill of materials (SBOM) or source (29%).

The bad news is, More than half of the respondents have experienced almost all the problems found in the survey. Among them, vulnerable application components and CI/CD pipeline weaknesses are the two most mentioned problems. However, many organizations are adopting a comprehensive DevSecOps approach to better protect their software supply chain Nearly half of the respondents have advanced DevSecOps plan. Another 39% understand the value of DevSecOps and are in the early stage of adoption.

In addition, by focusing on the security of software components and dependencies early in the software development life cycle, and using DevSecOps practices to automatically integrate security at each stage, organizations can transform from inconsistent manual processes to consistent, repeatable automated operations.

More details can be found at Download full report

Expand to read the full text

Related Links

The news on this website is prohibited to be reproduced without authorization. Violators will be investigated for relevant legal responsibilities according to law. For authorization, please contact: oscbianji#oschina.cn

Title: 2023 Kubernetes Security Report: Investment and Adoption Mismatch

Address: https://www.oschina.net/news/237918/state-kubernetes-security-2023

Click to lead the topic 📣 Post and join the discussion 🔥

Hot content

More highlights
It has been ten years since I resigned my teacher and came to Shenzhen
RWKV-7 architecture has released a preview version, which truly transcends the attention paradigm
WordPress.org prohibits WP Engine from accessing its resources
The 4.22.0 preview version of the multi tenant rapid development platform of Lights was released, and the single version and micro service version were integrated
Gdao v1.2.0: Go Language Efficient ORM Framework
Huawei Announces OpenUBMC Open Source
The GUI package Tk used by the scripting language Tcl and Python has released version 9.0
ModStartCMS v8.9.0 Image upload optimization, rich text editor repair
PostgreSQL 17 Publishing
TuoShupai appeared at the "Data Element" Ecological Partner Conference of China Mobile, and was officially approved as a partner
: tada: Open source monitoring - Nightingale release 7.4, introducing two interesting features
More print drive adaptations! Deepin Print Manager new release
The first example of a state-owned enterprise! OpenKylin officially donated to the Open Atom Open Source Foundation to jointly draw a new blueprint for open source
Orange single code generation tool 3.2, a large number of functions are synchronized with open source and free code generation
Bee V2.4.0 release, multi table association operation, sharding sharding improvement, user-defined assembler for query results (synchronous Maven)
Steam++3.0.0-rc.11 released, Steam toolbox
Open Source Daily | Winamp is officially open source; Google spent 18.9 billion yuan to recruit AI talents; Open source reproduction of the o1 model; Google search snapshot function "dead"
Tuolupai won the certification of "data governance service provider" of Shanghai Data Exchange
: fire: Following HarmonyOS NEXT, Solon v3.0 will be released on October 8
Extreme governance of Baidu search results fluctuation
How can the 300+R&D team maintain the high quality and efficiency of the project?
It's time to learn the real spark technology
[Class in Qiniuwan District] Communication mode between Ruby services
Qiniu Cloud successfully passed CMMI3 certification
Troubleshooting of Difficult and Miscellaneous Problems of Live Broadcasting Part 3: Slow Start
Cloud data processing makes services lighter Pang Xiangcai (1213 Developer Practice Day)
Programmer's Monkey Rescue Plan: 1024 Dream Adventures
How does the test service of the efficiency department of Qiniu Cloud project protect 700000+customers?
1024 Countdown to trouble! Programmer's Day is 2 days away!
Further Discussion on the Application Prospect of Go Language in Front End
Mid Autumn Festival National Day welfare | Join the technology charging plan and vote to win the nut mobile phone!
Troubleshooting of Difficult and Miscellaneous Problems of Live Broadcasting Part 4: High Delay
Qi Niuyun Du Jianghua: Let Cloud+AI become the standard configuration of enterprise services
Invite friends to win the grand prize! Come and draw your signature for 2019 New Year!
How to build an efficient and independent container cloud delivery platform?
ECUG 2015 | Xu Shiwei: The choice of programming language is not about camp, but about taste
Help developers to enter overseas markets and accelerate the launch of Qiniu global service
Full summary of cloud storage application scenarios - picture application
[Double Twelfth] At 12:12 on December 12, there was a limited amount of benefits grabbing. Cloud computing didn't cut corners!
Live broadcast preview: "Green onion entrepreneurship plan" conference
Use the concept of 12 factor to quickly create high maintainability applications - Ye Feng (1213 developer practice day)
TAL Xie Hualiang: Application of AI in the Education Industry
ECUG Con 2014 Technical Dry Goods Sharing Phase I
What are Internet veterans who have witnessed the 10th anniversary of cloud computing development talking about?
Qiniu Cloud is invited to explore the value of financial data through joint auction and loan
Qiniu Cloud's QVM "One Yuan Cloud" Collection Strategy: How to Go to Cloud at Low Cost
The birth and change of video: AI leads video innovation
Troubleshooting of Difficult and Complicated Problems of Live Broadcasting (II): Playing Carton
How to eliminate "bad video"? She teaches you the first step hand in hand
How to develop highly reliable services based on k8s? Container Yunniuren has something to say
Nanshan Dujian, one of the six cloud computing manufacturers, accept this heroic post!
I'm Huang Jianshi. I met my ex girlfriend at work
Process, thread, coroutine, synchronous, asynchronous, callback in Python
Qiniuyun Li Chaoguang: Deep learning platform helps hundred million level content audit system
Qiniuyun Feng Liyuan: Evolution of Edge Storage
China.com and Qiniuyun have reached strategic cooperation to jointly build an international financial media center
With more than 100 million users, how can mature products fully embrace the public cloud?
Selection of technical architecture of log analysis system in the scale of 100 billion
From zero to one, use the real-time audio and video SDK to develop a Zoom
[Activity] Developer's Best Practice Day · Issue 11 - HTML5 and Native App Application Technology Practice
Full summary of cloud storage application scenarios - audio and video
Dry goods sharing: deep practice of big data+intelligence in the era of smart factory
How can startups quickly build efficient monitoring systems?
One of the series of live broadcast troubleshooting: broadcast failure
Surprise Christmas, Qiniu brings star customers to give gifts~
Object storage JavaScript SDK update, instant experience of simpler and reliable services
The 2018 China Short Video Developer Creativity Competition is coming, and the 10000 yuan cash prize invites you to fight!
Qiniu Yungong Jing: Continuous delivery platform based on container and big data platform
ECUG Con invites you to discuss the deepest practice of server development
Use pure Javascript to upload React Native files
Smoothness increased by 100%! How does Qiniu Cloud QUIC streaming scheme achieve live broadcast 0 stuck?
Why is the breakup between CoreOS and Docker predestined
ECUG Con 2014 Lecturer Solicitation Order
Practical Experience of Highly Available Scalable Architecture
Developer Best Practice Day · Issue 14 - Technology Drives the Future of E-commerce
Full summary of cloud storage application scenarios – App, HTML5, Web applications
Had to stay up late Manual
What is the best language in the last decade- Come to Gopher China Conference to find out
The price of Qiniu audio and video services was officially lowered, making rich media become the standard configuration of applications
New Murphy's Law of Cloud Computing
Get filters, animations, AR special effects, and quickly show off your short video development special effects!
Developer's Best Practice Day · Issue 4 - Triathlon software, hardware, cloud
Press conference of "Green Entrepreneurship Plan": invite you to witness the new era of college students' entrepreneurship
[Container people must see] Three reasons why you must come to ECUG Con 2018!
[Warm Spring Gift] Million Red Packets of Customer Care from Qiniu came in April!
[Special review on ECUG] Re talk about CERL: Detailed discussion on the differences between GO and ERLANG's concurrent programming models - Xu Shiwei
The price of seven-year integrated CDN was reduced comprehensively, with a value reduction of 42%
ECUG Con 2018 Morning Bird Ticket Hot Sale | Celebrities Gather to Explore the Next Decade of Cloud Computing
Qiniu Cloud Storage delivers love declaration to developers through the OSChina platform
What you want on the Double 11, we have prepared it for you in advance - Qiniuyun products start at 0.1 yuan
How to realize video structured management with AI?
Xu Shiwei: What is the next era of the Internet after 20 years of evolution?
ECUG Con 2014 Technical Dry Goods Sharing Phase II
(I) Mining the infinite value of big data in traditional industry logs
Tell me your favorite open source project, and Qiniu will support it with you!
AR+real-time audio and video call, seamless integration of virtual and reality
Changes of Qiniu data processing architecture
Small program live broadcast is emerging, ready to embrace the latest growth trend?
Qiniuyun X fluent English: intelligent breakthrough in the era of education 3.0
Have you found the flavor of these years?

Popular comments of the whole site

f
fzn0268 2024-09-04 14:26
This is the guy who makes code generator
osc_566335
osc_566335 2024-08-01 15:05
"Although they only have college education" - college education is also considered as higher education, is it a level of illiteracy in the mouth of these media now?
Tobyee
Tobyee 2024-07-09 11:04
No GMS is an excuse. In essence, we still don't want to adapt to domestic mobile phone systems. When Hongmeng Next comes out, we can see whether Microsoft will embrace or not
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:42
This is to sell money with other people's resources. Now all kinds of ai are irregular
To do good
To do good 2024-09-27 10:00
I think C++has so many flower activities, which are easy to learn but difficult to use, and it is not much better
kakai
kakai 2024-09-07 10:39
Why did WeChat offend you? In any case, it is beneficial for the Chinese people to let Apple reduce the tax rate in China even if WeChat does it for its own commercial interests. This tax rate is not only for WeChat, but also for Apple. What a stupid and shameful statement!
Flat wave
Flat wave 2024-09-26 15:07
VERY GOOD!
e
exidot 2024-09-26 16:54
I'm really worried if Linux loses Linus and other veteran figures. It is estimated that Linus is also considering the future of Linux by introducing Rust
Yoona520
Yoona520 2024-09-26 23:20
Good thing, I suggest you apply to dromara community
0day
0day 2024-07-21 11:52
A rogue should talk about security?
Outstanding people
Outstanding people 2024-07-10 16:17
Can you lie flat, can you cut leeks, and spend money on research and development? For scolding? Say this can cut leeks? You were cut? Did you buy it? Who changes the mac every year and who changes the iphone every year? Huawei users don't seem to do that, do they? I can't stand it for a Xiaomi user!
Qsion
Qsion 2024-09-26 14:39
The crow in the world is black, just choose the one you believe in.
Little stars in space
Little stars in space 2024-09-26 20:28
There are no 24 versions, mainly 2424. It's strange to read, alas, alas, alas, unlucky.
z
zb79463626 2024-08-26 15:51
What research and development does IBM China have? All tests! The so-called people engaged in research and development are all working for the elderly!
Jane Roemer
Jane Roemer 2024-08-12 19:31
Are you connected to the Internet at home? Godson has abandoned MIPS for a long time, and now it is LoongArch. Take a look: https://loongarch.dev/zh-cn/posts/20210501-loongarch-manual/
zhongxuchen
zhongxuchen 2024-09-26 19:35
👍🏻
osc_73214294
osc_73214294 2024-08-05 10:19
I thought there would be more in-depth comments below the articles on this platform, and there would be many blowers.
liming0101
liming0101 2024-09-10 09:09
What Naji things, but also touch the porcelain black myth
kushu001
kushu001 2024-08-14 15:24
Why must we emphasize "domestic"? Is it an open source project? If open source, won't you accept the contribution of foreign developers? I'm just curious, can't I promote without "domestic" 😀
Solitary Demon Xia
Solitary Demon Xia 2024-09-26 15:48
😍
Single structure
Single structure 2024-09-26 23:56
Are you serious? Chives are not cut like this
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:41
To put it bluntly, I can only indulge myself
Artrener
Artrener 2024-07-21 15:12
It can be seen that he is unhappy and 360 is unhappy, but what others say is the truth. For example, people in the aviation industry also said so.
Flat wave
Flat wave 2024-07-07 16:54
After eating, I smashed the pot, as if it were pure blood. After eating, I wanted to smack the pot of millet, popo and vivo; 😂
A pot of wine in the flower room 90
A pot of wine in the flower room 90 2024-09-27 10:29
Call to listen to open source every day
osc_73214294
osc_73214294 2024-09-26 18:02
Next is customized by Huawei based on openharmony. If you say Android is open source, it should correspond to openharmony, which is open source. The customized UIs of various companies will not be open source.
infoworld
infoworld 2024-09-26 23:06
This academician is really standing and talking without backache. Huawei hasn't seen other big factories help him when it was sanctioned. Hongmeng is open source, but it is closed. What skills do you like from others?
wleoi
wleoi 2024-09-27 09:10
Yes, 20 directly to 25, understand, do not understand all know this version over five years
Black toothpaste
Black toothpaste 2024-07-21 12:12
A real person is invincible if he has no shame. As long as he is not embarrassed, others are embarrassed.
HalLi
HalLi 2024-09-09 01:10
Even if ordinary users don't understand it, why don't even programmers understand it? Apple is 30% of the whole platform, and domestic channel service is 50%. Where does the big app like WeChat and Tiao Yin get channel service? Besides games, which app brings channel service.
Flat wave
Flat wave 2024-09-26 16:11
very good!
Big back
Big back 2024-07-10 14:03
Then the traffic police find the responsible party and call the customer service of the generative AI, which is very powerful
Azeroth008
Azeroth008 2024-07-09 10:43
It's good to have a self-developed operating system. What's the mentality of those who spray indiscriminately?
Wise sermon
Wise sermon 2024-08-13 12:02
No matter who is fighting in Ping'an County, our 358 Regiment will help the field!
I have I can
I have I can 2024-07-09 11:40
The essence of sprayers is to find reasons for their own darkness and inferiority.
dwingo
dwingo 2024-07-18 10:12
It's not that jni and unsafe are not allowed to be used. It's just a "restriction". You can continue to use them as long as you add command line parameters. The purpose is to let users consider the security of the program
nonser
nonser 2024-09-27 09:05
Multiple shoots
two hundred and seventy-nine million seven hundred and seventy-eight thousand three hundred and twenty-five
two hundred and seventy-nine million seven hundred and seventy-eight thousand three hundred and twenty-five 2024-08-16 16:22
It's not easy to have a domestic development platform, but only to belittle it without encouragement, even if the propaganda is exaggerated? So what are you really doing? Why not go to the manufacturer one by one with exaggerated advertising everywhere? Criticize and think about whether you can make one at the same time? Why do we have to be so honest when we add the word "domestic"?
blue_think
blue_think 2024-08-26 11:00
Don't just talk about Huawei. Tell me about your own ability, how far you have reached and what achievements you have made. It's a little persuasive anyway
cyclamenkde
cyclamenkde 2024-09-26 15:25
OpenHarmony based OS, x86 and arm supported
Kevin586
Kevin586 2024-07-29 17:09
If you really want to reduce costs, you still need to change go. Java eats too much memory
LarryYan
LarryYan 2024-09-26 21:29
I like this too, but I don't like the new deep in
songdragon
songdragon 2024-08-14 13:11
There are several problems with the conditions for this comparison. 1. Solomon uses smart http and spring uses undertow 2 The automatic configuration of solon startup itself is less than that of spring, which determines the different dimensions of comparison. The reason for better performance is probably due to the dependency of web server and application configuration. If you want to align, you need to use the same web server. The spring application excludes all automatic configurations and only retains what is necessary for the web to explain the performance gap of the framework. Now, this result does not mean that solon itself has good performance.
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:47
I don't know who invented the name and then had to get an internal version number
kakai
kakai 2024-09-27 10:03
A layer of DTO is added to business communication, and a layer of java bean serialization and deserialization is added. Protocol based programming can directly use protobuf's
Sell eggplant
Sell eggplant 2024-09-27 10:10
This is pure white whoring
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:45
Ordinary people still use broadband wifi
Strong ice
Strong ice 2024-07-22 08:41
It's better to say that 90% of domestic computers do not have CrowdStrike software installed
fastfail
fastfail 2024-09-26 15:00
I didn't learn Rust
Flat wave
Flat wave 2024-09-26 15:02
very good!
osc_50722289
osc_50722289 2024-09-06 13:51
If Apple doesn't give in and WeChat doesn't give in, it will look good! WeChat goes deep into ordinary people's homes in China! Payment social WeChat is inseparable. If WeChat is not updated on IOS, Apple "doesn't have to mix"
blu10ph
blu10ph 2024-09-26 21:45
It is strongly recommended to join Rust support~
Binx
Binx 2024-09-07 08:28
It's better to increase the Apple tax to 80%, otherwise how can you show your distinguished Apple user identity
infoworld
infoworld 2024-09-11 18:00
Thanks, it is your pioneering work that can avoid being monopolized by foreign systems and applications.
Small and beautiful software development
Small and beautiful software development 2024-09-26 19:44
That's the same thing. Don't be moral. It's yours to kidnap you
Yanlongli
Yanlongli 2024-07-11 17:28
It reduces the visual complexity and increases the operation complexity.
kakai
kakai 2024-09-10 12:23
You don't know anything, but you come here with your mouth open. The reason why the exclusive channel draws high is that there is exclusive channel traffic, which means that the platform is guiding your operation. As long as you collect money, 50% is less, and Apple is guiding you? Give more respect to the apple, it will make you rich.
Flat wave
Flat wave 2024-09-26 15:06
VERY GOOD
1km
1km 2024-09-26 14:44
Now AI is getting bigger and bigger
Kepler 452b
Kepler 452b 2024-09-26 21:00
There are many uses for this tool. The key is to see whether the data sources are extensive, whether the intranet deployment is convenient, and whether the chart components are rich

Hot News

one
Linus, founder of Linux: C is very simple, but easy to make mistakes, while Rust is not
two
Dalian Cisco has been exposed to layoffs of about 300 people, and the compensation plan includes "N+7"
three
JetBrains launched JetBrains AI Assistant in strategic cooperation with Alibaba Cloud, focusing on developers in the Chinese market, and achieving intergenerational improvement in development efficiency
four
Open Source Daily | Here comes the real-time Linux kernel; Dalian Cisco is exposed to layoffs; Huawei will release Hongmeng PC; AI will be open source and decentralized in the future; Post-00 Tsinghua boys challenging GPT; AI products priced up to 1 million yuan
five
Zuckerberg: Leaders of technology companies need to understand technology, otherwise they will not be a technology company
six
Huawei Hongmeng HarmonyOS NEXT will be publicly tested after National Day
seven
Tencent Releases The Five, the Fifth Generation Robot
eight
Spring Boot 3.4.0-M3 Release
nine
From 11.2 trillion yuan to 53.9 trillion yuan
ten
Moore Thread Officially Open Source OpenCV-MUSA

Excellent column

Expert Q&A
Previous period

Advanced developers have a deep understanding of the underlying technical principles of the Linux kernel

How do programmers get started with AI application development?

Talk about Unity and Native Bridging

A daily blog
more

Extreme governance of Baidu search results fluctuation

58 Algorithm Practice in Commercial Search Scenarios

Development history and status quo of 10 database technologies

News delivery
Immediate delivery

Welcome to deliver software and IT industry

Related news.

Recommended attention

Change a batch
sweet potato
sweet potato
Article 190
Access 110.1W
wdlinuxcn
wdlinuxcn
Article 43
Access 1.9W
Keygen
Keygen
Open source software author
DataGear
DataGear
Article 47
Access 26.9W
Wang Nian's Blog
Wang Nian's Blog
Article 135
Access 54.3W

Hot software

Chili -JQuery syntax coloring plug-in
CKEditor -Visual HTML editor
Movable Type -Blog platform
VoltDB -Memory based database system
Firebug Lite
JW PLAYER -Flash video player
jQselectable -JQuery drop-down list plug-in
jQuery.form -JQuery form plug-in
JRex -Java browser components
VelocityTools -Velocity Toolbox
jOra -Oracle plug-in for Eclipse
GoldenDict -Cross platform dictionary software
Toolbar Icons -Open source toolbar icon
MiniBuilder -ActionScript development tool
Drigg -PHP Digg Website System
OpenSSL -Encryption library
Live USB -USB portable disc
cocos2d -Python's 2D game development framework
Java Decompiler -Java decompiler
Hudson -Continuous integration engine
zero comment
zero Collection
share
Back to top
Top