In-person + Virtual
October 24-28
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (UTC -4). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Thursday, October 27 • 5:25pm - 6:00pm
How the Argo Project Transitioned From Security Aware To Security First - Henrik Blixt & Michael Crenshaw, Intuit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

When the Argo project applied for graduation, we believed we had a good handle on security. After all, we hadn't had any CVEs in a while, and we had 100s of companies using it in production. So everything must be great, right? This is the story of an incubating CNCF project learning: what we didn't know and how we dove headfirst into a mission to put security first. Attendees will learn about the project processes we put in place for reported vulnerabilities, how to work with external security companies, and the help we received from the CNCF. We’ll also dig into the engineering best practices we implemented as well as take a look at some concrete implementations around SBOMs and Fuzzing. The information in this talk will be especially beneficial to anyone from incubating or sandbox projects that are setting out to improve their security posture, but the learnings, stories and recommendations presented will be equally applicable to any software project or product.

avatar for Henrik Blixt

Henrik Blixt

Group Product Manager - Platform and Open Source, Intuit
Henrik is a Group Product Manager at Intuit, leading a team that's responsible for the core backend platform and open source in the Developer Experience organization, providing developers with tools and delightful experiences across networking, cloud and serverless automation, storage... Read More →
avatar for Michael Crenshaw

Michael Crenshaw

Software Engineer, Intuit
Michael Crenshaw is a software engineer on Intuit’s Argo CD team. He’s been involved in open source software for about ten years. His professional experience is varied, from e-commerce to MLOps to AgTech. Recently he has focused primarily on Argo CD security.

Thursday October 27, 2022 5:25pm - 6:00pm EDT
420 AB
  Security + Identity + Policy