Istio Security Assessment
Istio Security Assessment Google August 6, 2020 – Version 1.1 Prepared for Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup 0 Executive Summary Synopsis In the summer of 2020, Google enlisted NCC Group to perform an assessment on the open-source version of Istio and all of its components. Istio is a modern service mesh technology and includes a built-in authorization system facilitated by its control plane. The goal of the assessment was to identify security issues related to the Istio code base, highlight high risk configurations
0 points | 51 pages | 849.66 KB | 1 year ago

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment
Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment Rancher v2.2.x Version 1.1.0 - August 2019 Authors Taylor Price Overview The following document scores a Kubernetes 1.13.x RKE cluster provisioned
0 points | 47 pages | 302.56 KB | 1 year ago

CIS Benchmark Rancher Self-Assessment Guide - v2.4
CIS Benchmark Rancher Self-Assessment Guide - v2.4 Contents CIS Kubernetes Benchmark 3 Network Policies and CNI ... 5.6 General Policies ... CIS Kubernetes Benchmark v1.5 - Rancher Kubernetes, and the CIS Benchmark: Self Assessment Guide Version Rancher Version Hardening Guide Version Kubernetes Version CIS Benchmark Version Self Assessment Guide v2.4 Rancher v2.4 Hardening Guide
0 points | 54 pages | 447.77 KB | 1 year ago

CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4
CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4 ... conf file permissions are set to 644 or more restrictive (Automated) ... --audit-log-maxage argument is set to 30 or as appropriate (Automated)
0 points | 132 pages | 1.12 MB | 1 year ago

CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5
CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5 Contents CIS v1 Policies ... 5.3 Network Policies and CNI 5.6 General Policies ... CIS v1.5 Kubernetes container at the time of initialization, not via configuration files. ... Where control audits differ from the original CIS benchmark, the audit
0 points | 54 pages | 447.97 KB | 1 year ago

openEuler OS Technical Whitepaper Innovation Projects (June, 2023)
QuickIssue, Compatibility and Technical Assessment, OSV Technical Assessment, openEuler Compatibility List, openEuler Technical Assessment, Acknowledgment ... openEuler OS foundation to enable SM algorithms for various industries and help them meet the cryptography assessment. Repositories https://gitee.com/src-openEuler/openssl https://gitee.com/src-openEuler/nss https://gitee stringent control of risk factors for users and the openEuler ecosystem development. Reliability assessment Analyzes the open source software supply chain to evaluate its reliability and future evolution
0 points | 116 pages | 3.16 MB | 1 year ago

Pentest-Report Vitess 02.2019
horizontal scaling of MySQL” From https://vitess.io/ This report documents the results of a security assessment targeting the Vitess software database scaler. Funded by the CNCF / The Linux Foundation, this interaction, low-level protocol analysis and multi-angled penetration testing. Prior to the assessment, a CNCF-typical setup was requested by the testers and provided by the development team channel was used for arising questions and further inspiration for the test. An initial assessment of the interfaces and the system architecture, supported also by additional exchange with the development
0 points | 9 pages | 155.02 KB | 1 year ago

MITRE Defense Agile Acquisition Guide - Mar 2014
development practices. Table 1 Traditional Versus Agile Considerations Consider Agile Practices Assessment Areas Consider Traditional Practices Requirements cannot be well defined upfront due to a dynamic iterative development User Timelines Operational environment does not ... Consider Agile Practices Assessment Areas Consider Traditional Practices and require frequent capability upgrades (<1 year). understanding of the amount of effort required for each release. It also enables an integrated assessment of the operational and programmatic risks, technical performance, cost drivers, affordability
0 points | 74 pages | 3.57 MB | 5 months ago

Istio audit report - ADA Logics - 2023-01-30 - v1.0
contents: Executive summary, Notable findings, Project summary, Audit scope, Overall assessment, Fuzzing, Threat model, Issues found, Review of fixes for issues from previous audit ... https://github.com/istio/istio.io Language n/a; documentation only ... Istio Security Audit, 2023 Overall assessment Our evaluation is that Istio is a well-maintained project that has a strong and sustainable approach advantages, and such advantages can be obtained in parts of code bases that receive less attention. Our assessment is that, not counting the Operator, Istio is a very well-maintained and secure project with a sound
0 points | 55 pages | 703.94 KB | 1 year ago

Dapr july 2020 security audit report
https://dapr.io/#about This report describes the results of a large-scale and thorough security assessment targeting the Microsoft Distributed Application Runtime (Dapr) software complex. Carried D 10709 Berlin cure53.de · mario@cure53.de Conclusions The results of this Cure53 assessment of the Microsoft Distributed Application Runtime (Dapr) software complex are generally optimistic project is still in development, so it is strongly advised to plan and undergo another external assessment by a third-party once the release-readiness milestones are reached. While it is clear that all
0 points | 19 pages | 267.84 KB | 1 year ago
114 results in total