Consultancy

Expert consultancy for strategic solutions and sustainable growth

Threat Modelling

Isolate critical security threats

How we can help secure your AI/ML-enabled systems

Pentesting and Red Team

Kubernetes & Cloud system security testing and training

CRA & OSS Compliance

EU Cyber Resilience Act advisory and secure supply chain

Platform Engineering

Security, policy, and infrastructure as code

Software Supply Chain Security

Secure software delivery from dependencies to distribution

Cloud Native Security Assurance

Enterprise security assessment for infrastructure and applications

DevOps and Deployment

Security, policy, and infrastructure as code

Red and Purple Teams

Breach simulation, incident response, testing and training

Advisory Services

Advisory and regulatory compliance

Enterprise for Flux CD Enterprise for OpenBao

Training

Our training courses catalog

How we deliver optimal outcomes for your business

Resources

Our success stories

Security reviews and publications

Open source tools and utilities

Hacking Kubernetes

How to Hack Kubernetes

Talks and presentations

Conferences and Engagements

About

About ControlPlane

Learn more about our company

Our core values and ethos

Join our team

Get in touch with us

CNCF Cloud Native Security Whitepaper

Published on December 01, 2020

Author Andrew Martin

The CNCF has published a new CNCF Cloud Native Security Whitepaper, which addresses some of the security challenges in deploying a cloud native system, and offers recommendations to CISOs, architects, and developers.

ControlPlane CEO Andrew Martin and Head of Security Rowan Baker authored and contributed to sections of the document, along with numerous other community contributors and reviewers.

Some of the sections containing ControlPlane’s contributions:

Thanks to the sig-security leadership, and multitude of other authors and contributors.

Related blogs

April 30, 2026 Blog

Defusing CanisterWorm: How Bun and Deno Secure the JavaScript Supply Chain

TeamPCP’s CanisterWorm is exploiting npm’s postinstall hooks. Learn how modern JavaScript runtimes like Bun and Deno neutralise this threat by default.

supply-chain security javascript npm threat-modeling

March 20, 2026 Blog

Why We Are Throwing Our Weight Behind OpenBao

ControlPlane’s commitment to open source security, digital sovereignty, and supporting the developers who build critical infrastructure.

security governance migration cloud open-source

March 12, 2026 Blog

ControlPlane Launches Enterprise Support For OpenBao To Strengthen Secrets Security

ControlPlane Launches Enterprise Support for OpenBao.

assurance cloud compliance identity infrastructure openbao platform-engineering supply-chain zero-trust