ControlPlane’s talk at KubeCon Europe 2024 gave attendees an overview of Cloud-Native Penetration Test and privilege escalation tactics to make cloud native systems more secure
Iain Smart
Recently a supply chain attack was discovered for the domain cdn dot polyfill dot io, which was a popular service for distributing the open source library polyfill.js. According to sansec.io, this attack affected over 100,000 sites and involved cdn dot polyfill dot io injecting malware on mobile devices. So what happened in the polyfill.io attack? Polyfill is a service that provides a piece of JavaScript code that allows modern functionality on older browsers that do not natively support it.
Kevin Ward
ControlPlane’s talk at InfoSec Europe 2024 gave attendees an overview of observations and techniques to make cloud native systems more resilient
Rob Kenefeck
73% of developers use VSCode to work on hobby projects and enterprise software alike. At the same time, a disproportionate amount of independent security research has been performed on VSCode to enable the community to make informed, risk-based decisions when it comes to VSCode adoption and hardening. Both Check Point and Aqua show how easily malicious extensions steal personally identifiable information (PII) and other sensitive data by impersonating popular extensions in the VSCode Marketplace.
Fabian Kammel & Kevin Ward
Over the past several years, there has been a mantra of “shift left” to push security to the beginning of the development lifecycle. Although this is a great approach to enable developers to focus on functionality whilst providing security guidance, it does so at the cost of creating a powerful multi-functional toolbox which is integrated with source code repositories, CI/CD pipelines, cloud providers and other services.
Kevin Ward & Fabian Kammel
This talk looks at the future of open source in the light of the turmoil from new “faux-pen source” business licenses. It explores the intricate dynamics of community-driven software construction, focusing on sustainability challenges with the evolving nature of licenses and business models, and contemplates solutions to the tension between open source principles and hyperscale cloud service providers.
Andrew Martin
After a fair amount of hard work and collaboration with the OpenSSF and numerous proposed and scrapped scenarios, we launched the OSSF WG Vulnerability Disclosures TTX Documentation. OpenSSF wanted to create, host and run an Incident Response scenario (IR) Table Top Exercise (TTX), in the format of a panellist discussion, held at SOSS Community Day North America, in Seattle. Let’s start with a look behind the scenes at what goes into developing and conducting an effective Incident Response TTX, what worked for us and what didn’t, and how we think these lessons can contribute to anyone else looking to carry out a similar exercise.
Ian Barbour
James Callaghan, principal consultant at ControlPlane, and Constanze Roedig discuss open source cloud native threat intelligence at KubeCon + CloudNativeCon Europe 2024
James Callaghan
Stefan Prodan, core maintainer of the CNCF Flux project, provides a comprehensive overview of Flux CD architectures for multi-cluster continuous delivery
Stefan Prodan
Engineers, product managers and consultants from both companies explore how Cilium can tackle the challenges of cloud native compliance
Ollie Cuffley-Hur & Martyn Smith
Marco De Benedictis, senior consultant at ControlPlane, discusses how Kubernetes namespaces have grown from an optional feature to a security boundary at KubeCon + CloudNativeCon Europe 2024
Marco De Benedictis
ControlPlane has authored two Zero Trust training courses for the Linux Foundation
ControlPlane
A recap of ControlPlane’s activities at Kubecon EU in Paris
Ashley Ward
ControlPlane has collaborated with the Linux Foundation to threat model Envoy Gateway and generate an End User guide
ControlPlane’s commitment to supporting the Flux Project continues, providing a model and a guide for multi-cluster, multi-tenant environments
Andrea Martino
ControlPlane’s talks and events schedule for KubeCon EU in Paris
Niamh O'Loughlin
ControlPlane’s principal consultant, Iain Smart, talks about Container and Kubernetes Security at Abertay Hackers’ Securi-Tay 2024
Exploring how NIST’s latest publication underscores the necessity of integrating GitOps strategies in software supply chain security within DevSecOps CI/CD pipelines
ControlPlane’s principal consultant, Vicente Herrera, talks about AI Security at OpenUK’s “State of Open Con 2024”
Vicente Herrera
ControlPlane’s support for the CNCF Flux project ensures the sustainability and security of critical systems through open source maintenance and innovative enterprise solutions
Collaborative efforts between ControlPlane and Scott Logic on the Scottish Government identity and payment systems: security architectures, platform integrations, and project assurance
ControlPlane Enterprise elevates Flux CD with enhanced security, support, and compliance, catering to diverse needs in Kubernetes deployments
AI software’s evolution on Kubernetes: current methodologies, potential future developments, and inherent risks
ControlPlane’s journey to Japan and an overview of some of the talks presented
Jack Kelly
Talking to Eficode about Cloud Native Security Challenges
The public release of the 2023 CNCF CTF Scenarios is here! In this blog post, we’ll walk you through the revamped simulator and how to get started with the challenges.
A look into the tumultuous waters of cloud and Kubernetes security in 2024
The inaugural “Nerding Out With Viktor” podcast with ControlPlane CEO, Andrew Martin
The “Advanced CI/CD Security” workshop we ran at DevOpsCon 2023 in Munich provided a deep dive into the latest practices shaping the future of cloud security
Fabian Kammel
Reflecting upon our experience at KubeCon North America 2023
Jasmine Andine
Where to find ControlPlane talks and events at KubeCon North America 2023 in Chicago
SPIFFE and confidential computing are two security projects that minimize the level of implicit trust a user needs to place into a computing system. We will show how to combine these approaches to minimize the trust we need to place in public cloud services
The first annual iteration of the National Cybersecurity Strategy Implementation Plan has been released, detailing how the US government plans to achieve the goals previously outlined in 2021’s National Cybersecurity Strategy
The event took questions from an audience of industry veterans and discussed open source security, developer understanding of Kubernetes, FinOps for cloud, and more
Emma Ballantyne
ControlPlane’s Experience at the 4th Annual OSCAL and Multi-Cloud Conferences Sponsored by NIST
Torin van den Bulk
ControlPlane talk & event write-ups from KubeCon EU in Amsterdam
Ollie Cuffley-Hur
ControlPlane show you how to threat model Zero Trust architectures at KubeCon Europe 2023 in Amsterdam
ControlPlane open sources security and threat model knowledge
How to write, test, and secure your network configurations
Prithak Sharma
Demonstrating compliance and securing infrastructure provisioned by Kubernetes Cloud Infrastructure Controllers
Rowan Baker & Henry Mortimer
ControlPlane at DevSecCon UK Meet-up
Joe Collins
Where to find ControlPlane talks and events at KubeCon Europe 2023 in Amsterdam
Capture-the-Flag platform demo with The New Stack
The Cloud Native security community is vibrant and strong
Cloud Native security bursts onto the conference circuit
Short-lived cryptographic identities are the basis upon which secure communication and access control are built
A speculative look into the perils and opportunities that 2023 holds
Kubernetes Community Days 2022 at CodeNode, London
Jaymie Thomas
ControlPlane expands into North America and APAC with two key executive hires
Andrew Martin joins Mitch Ashley of Techstrong TV for a chat about ControlPlane, Hacking Kubernetes, and avoiding configuration gotchas
An evening of network security by Tailscale and ControlPlane
Where to find ControlPlane talks and events at KubeCon North America 2022, Detroit
ControlPlane’s New York City event with FINOS
Overview of new security features in Kubernetes v1.25
James Cleverley-Prance
ControlPlane and OpenUK information at the Open Source Summit Europe 2022 in Dublin
ControlPlane contributes to the definitive open source report for the UK
ControlPlane talks at Kubecon EU, 2022
DevSecOps leaders on the direction of CloudNative Security
A threat-based guide to Kubernetes security
Sophisticated mechanisms and best practices to enhance defenses against supply chain threats in Kubernetes
ControlPlane whitepaper on securing GitOps workflows at source
ControlPlane collaborates with authors in sig-security
Learning Kubernetes the Secure Way
Pi Unnerup
5 predictions and 5 wishes for Kubernetes in the year ahead
ControlPlane, the open source and cloud native security company, sponsors the PhD work of in-toto author Santiago Torres, furthering the advancement of software supply chain security.
An overview of essential security features for Kubernetes, and a glance to the future