KubeVirt Security Audit

Andrew Burden

Nov 11, 2025, 6:51:35 PM
to kubevirt-dev
The KubeVirt Community is pleased to share the results of our security audit, completed through the guidance of the Open Source Technology Improvement Fund (OSTIF) and the technical expertise of Quarkslab.

This is a critical step in KubeVirt moving to Graduation within the CNCF framework, and is the first time the project has been publicly audited.

Seven CVEs (1 High and 6 Medium) were raised as part of this audit: details are in the links below. 

For more information you can check out the following:
The Quarkslab blog
The KubeVirt blog

We recommend users review the report and update their clusters to the latest supported z-stream version of KubeVirt.

Fabian Deutsch

Nov 12, 2025, 2:48:53 AM
to Andrew Burden, kubevirt-dev
Andrew,

Thank you for sharing this report!

Great to see that the audit was completed - and a special callout to everybody who was involved to address some of the more important issues.
Addressing them is a precondition to our path to graduation.

Nice
- fabian
