https://control-plane.io/posts/ControlPlaneen-uk© 2026 ControlPlaneTue, 26 May 2026 00:00:00https://control-plane.io/posts/the-post-quantum-radar/Tue, 26 May 2026https://control-plane.io/posts/the-post-quantum-radar/Keeping track of PQC availabilityhttps://control-plane.io/posts/tampered-tokenizers-an-ai-supply-chain-meltdown/Fri, 22 May 2026https://control-plane.io/posts/tampered-tokenizers-an-ai-supply-chain-meltdown/The tokenizer attack that existing scanners can’t catch, and the supply chain tooling that can.https://control-plane.io/posts/validating-zero-trust/Fri, 15 May 2026https://control-plane.io/posts/validating-zero-trust/GitOps revolutionised how we deliver applications, enabling faster deployments and managing infrastructure with targeted declarative precision. However, this precision doesn’t extend to securing dynamic environments and remains incredibly difficult. Consider a historical three-tier application architecture: a frontend web service, backend API, and data store. The engineer’s accountability ended when the application code was pushed to version control, and automation carried it to production (that developers may not be permitted to access).https://control-plane.io/posts/the-end-of-safe-software/Tue, 05 May 2026https://control-plane.io/posts/the-end-of-safe-software/In the wake of Anthropic’s announcement of Mythos and Project Glasswing, and with the still-emerging blast radius of Aqua Security’s Trivy compromise, many security professionals are predicting the end of safe software. We do not agree. Instead, they simply highlight and reinforce: Security standards are rising, and proactivity breeds assurance Security basics are more important than ever Open source is resilient The Attack Chains that Matter What does this mythical LLM and an open source project’s compromise have to do with each other?https://control-plane.io/posts/defusing-canisterworm-bun-deno-supply-chain/Thu, 30 Apr 2026https://control-plane.io/posts/defusing-canisterworm-bun-deno-supply-chain/TeamPCP’s CanisterWorm is exploiting npm’s postinstall hooks. Learn how modern JavaScript runtimes like Bun and Deno neutralise this threat by default.https://control-plane.io/posts/llms-ending-attacker-defender-stalemate/Tue, 28 Apr 2026https://control-plane.io/posts/llms-ending-attacker-defender-stalemate/Frontier Large Language Models (LLMs) are reshaping how software is built, attacked, and secured. Their impact is most visible in code generation and vulnerability discovery, where they reduce the time and expertise required to produce outputs that previously demanded specialist knowledge. As organisations rush to adopt AI tools into development and operations, a practical question arises: in a world where AI can autonomously write exploits and generate patches, what is the role of human-driven security?https://control-plane.io/posts/vercel-breach-roblox-secrets-management/Tue, 21 Apr 2026https://control-plane.io/posts/vercel-breach-roblox-secrets-management/The recent breach at Vercel is a textbook example of how modern supply-chain compromises unfold, starting with a Roblox cheat script.https://control-plane.io/posts/openbao-meet-the-team/Tue, 07 Apr 2026https://control-plane.io/posts/openbao-meet-the-team/Meet the team behind the new ControlPlane Enterprise for OpenBaohttps://control-plane.io/posts/sandbox-probe-release/Mon, 23 Mar 2026https://control-plane.io/posts/sandbox-probe-release/Announcing ControlPlane’s sandbox-probe: testing the limits of AI Agent Sandboxeshttps://control-plane.io/posts/why-we-support-openbao/Fri, 20 Mar 2026https://control-plane.io/posts/why-we-support-openbao/We are expanding our open source commitment to include OpenBao. Here is why we believe in true digital sovereignty, meeting market demand, and providing sustainable support for the maintainers of critical security projects.https://control-plane.io/posts/controlplane-enterprise-for-openbao-launch/Thu, 12 Mar 2026https://control-plane.io/posts/controlplane-enterprise-for-openbao-launch/Announcing the launch of a new offering designed to help organizations securely adopt and operate the OpenBao secrets management platform.https://control-plane.io/posts/ai-red-teaming-wild-west-part-2/Tue, 03 Mar 2026https://control-plane.io/posts/ai-red-teaming-wild-west-part-2/As AI agents execute workflows and access sensitive systems, organizations must shift from model safety to architectural controls, continuous testing, and framework-aligned governance.https://control-plane.io/posts/check-point-partnership/Tue, 24 Feb 2026https://control-plane.io/posts/check-point-partnership/The partnership delivers a comprehensive, regulator-ready security framework to enable organizations to move confidently from AI experimentation to production deployment.https://control-plane.io/posts/sc-magazine-open-source-security-risks/Thu, 19 Feb 2026https://control-plane.io/posts/sc-magazine-open-source-security-risks/Open source supply chain attacks are on the rise. What can businesses do to protect themselves?https://control-plane.io/posts/fluxcon-in-2026/Tue, 17 Feb 2026https://control-plane.io/posts/fluxcon-in-2026/Reflecting on eight years of Flux deployment, two years of Enterprise and a watershed moment.https://control-plane.io/posts/make-tdd-work-for-you-p2/Tue, 26 Aug 2025https://control-plane.io/posts/make-tdd-work-for-you-p2/Second and final part of a series about how to make TDD work for you.https://control-plane.io/posts/ai-red-teaming-wild-west-part-1/Fri, 15 Aug 2025https://control-plane.io/posts/ai-red-teaming-wild-west-part-1/Multi-turn agentic adversarial testing uncovers vulnerabilities in foundational models, highlighting the need for adaptive defenses, model-specific strategies, and continuous evaluation to secure GenAIhttps://control-plane.io/posts/pentesting-purple-teaming-financial-services/Tue, 05 Aug 2025https://control-plane.io/posts/pentesting-purple-teaming-financial-services/The financial services sector is increasingly targeted by cybercriminals, with cyberattacks leading to significant financial losses and reputational damage. Penetration testing and purple teaming are two security testing methodologies essential in enhancing cybersecurity posture and readiness. In this article, we will explore the importance of penetration testing and purple teaming in protecting financial services institutions against ever-evolving threats. The Impact of Cybercrime on Financial Services Financial institutions are enticing targets for cybercriminals due to the potential for direct financial gain and access to vast amounts of valuable data.https://control-plane.io/posts/trust-issues-navigating-open-source-and-software-supply-chain-risk/Thu, 24 Jul 2025https://control-plane.io/posts/trust-issues-navigating-open-source-and-software-supply-chain-risk/A two-part journey through the lens of large banks, regulated industries, and security consultancieshttps://control-plane.io/posts/the-quantum-leap-navigating-pqc-adoption-in-todays-digital-infrastructure/Fri, 18 Jul 2025https://control-plane.io/posts/the-quantum-leap-navigating-pqc-adoption-in-todays-digital-infrastructure/Key insights on PQC adoption in today’s digital infrastructurehttps://control-plane.io/posts/devsecops-is-the-new-devops/Fri, 04 Jul 2025https://control-plane.io/posts/devsecops-is-the-new-devops/A look at transforming to DevSecOps from a technical and cultural perspective, including a deeper look some supply-chain considerations.https://control-plane.io/posts/make-tdd-work-for-you-p1/Tue, 10 Jun 2025https://control-plane.io/posts/make-tdd-work-for-you-p1/First part of a series about how to make TDD work for you.https://control-plane.io/posts/gatekeeper-opa-policies-user-based/Wed, 28 May 2025https://control-plane.io/posts/gatekeeper-opa-policies-user-based/For Open Policy Agent (OPA), most of the policies that are written are based on Kubernetes resources. For example, the deployment of Pods should be avoided with the tag latest. But sometimes it is necessary to write more fine-grained OPA policies based on Kubernetes users, groups or service accounts. Let me give you an example so that the code and explanations can be better understood. Example of a use case Imagine you have a Jenkins job that creates Namespaces for tenants.https://control-plane.io/posts/beyond-compliance-strategic-cyber-resilience-in-financial-services-under-the-eus-cra/Thu, 08 May 2025https://control-plane.io/posts/beyond-compliance-strategic-cyber-resilience-in-financial-services-under-the-eus-cra/The EU’s Cyber Resilience Act (CRA) isn’t just another regulatory hurdle; it’s a fundamental shift in how we approach digital security.https://control-plane.io/posts/back-to-the-future/Thu, 01 May 2025https://control-plane.io/posts/back-to-the-future/In this talk, Andrew Martin and Matt Jarvis explored the history of cloud-native computing, examined the current security landscape, and shared their predictions for the decade ahead.https://control-plane.io/posts/kubernetes-and-the-uk/Fri, 11 Apr 2025https://control-plane.io/posts/kubernetes-and-the-uk/Kubernetes marked its 10th anniversary last year, and the CNCF commemorates a decade of remarkable success this year.https://control-plane.io/posts/kubecon-eu-25-recap/Thu, 10 Apr 2025https://control-plane.io/posts/kubecon-eu-25-recap/A recap of ControlPlane’s activities at KubeCon EU in Londonhttps://control-plane.io/posts/d2-reference-architecture-guide/Thu, 03 Apr 2025https://control-plane.io/posts/d2-reference-architecture-guide/Introducing Gitless GitOps and the Flux Operator for secure, scalable multi-tenant Kubernetes environments.https://control-plane.io/posts/controlplane-at-kubecon-eu-2025/Tue, 25 Mar 2025https://control-plane.io/posts/controlplane-at-kubecon-eu-2025/ControlPlane’s events and CTF at KubeCon EU in Londonhttps://control-plane.io/posts/ephemeral-environments-for-gitlab-merge-requests/Mon, 17 Mar 2025https://control-plane.io/posts/ephemeral-environments-for-gitlab-merge-requests/Flux Operator creates ephemeral environments for GitLab MRs. Each MR gets an automatic, dedicated preview instance for faster validation and iteration.https://control-plane.io/posts/see-it-hack-it-sort-it-how-open-source-software-protects-our-ai-enablers/Mon, 24 Feb 2025https://control-plane.io/posts/see-it-hack-it-sort-it-how-open-source-software-protects-our-ai-enablers/Protecting GPU resources in cloud infrastructure: threat modeling, attack vectors, and practical security measures using open source tools.https://control-plane.io/posts/what-is-continuous-delivery-and-how-does-it-work/Wed, 12 Feb 2025https://control-plane.io/posts/what-is-continuous-delivery-and-how-does-it-work/An exploration of what Continuous Delivery is, how it differs from related concepts, and how Flux can help.https://control-plane.io/posts/securing-kubernetes-clusters/Thu, 06 Feb 2025https://control-plane.io/posts/securing-kubernetes-clusters/Key lessons from ControlPlane’s KubeCon EU 2023 talk, covering Kubernetes threat modelling, attack techniques, and essential security measures to protect clusters.https://control-plane.io/posts/celebrating-1-year-of-commitment-to-cncf-flux/Fri, 24 Jan 2025https://control-plane.io/posts/celebrating-1-year-of-commitment-to-cncf-flux/ControlPlane supported CNCF Flux over the past year by enabling ongoing development, innovation, and community engagement.https://control-plane.io/posts/what-is-fluxcd/Fri, 24 Jan 2025https://control-plane.io/posts/what-is-fluxcd/Flux is an open source tool used to keep Kubernetes clusters in sync with configuration artefacts, especially when that configuration needs to change regularly, like when you update your software or a dependent part of your system receives a patch. Flux has been built from the ground up to use native Kubernetes APIs and to integrate with the wider Kubernetes ecosystem tools like Prometheus. It supports multi-tenancy clusters and scales massively with support for syncing multiple Git Repositories or other sources of configuration artefacts.https://control-plane.io/posts/flux-and-the-generic-helm-chart-pattern/Wed, 15 Jan 2025https://control-plane.io/posts/flux-and-the-generic-helm-chart-pattern/Based on the excellent technical article written by Flux Core Maintainer and fellow ControlPlaner Stefan Prodan.https://control-plane.io/posts/what-is-gitops/Fri, 13 Dec 2024https://control-plane.io/posts/what-is-gitops/This is the first in a series of articles about Flux CD, and introduces the foundational knowledge of GitOps. GitOps is a term coined by Weaveworks in 2018. It has been referred to as the best thing since Infrastructure as Code, and has also been referred to as being versioned CI/CD on top of declarative infrastructure. Much like how DevOps broke down the silos between Developers and Operations/Infrastructure Teams, GitOps merges the concerns for application deployment with infrastructure deployment.https://control-plane.io/posts/unlocking-delivery-success-overcoming-framework-limitations-in-regulated-environments/Tue, 10 Dec 2024https://control-plane.io/posts/unlocking-delivery-success-overcoming-framework-limitations-in-regulated-environments/ControlPlane pioneers delivery success by blending Agile adaptability with Waterfall structure to overcome regulatory challenges and drive efficiency.https://control-plane.io/posts/automated-cloud-native-incident-response/Tue, 19 Nov 2024https://control-plane.io/posts/automated-cloud-native-incident-response/ControlPlane is a proud member of and long-term contributor to the Fintech Open Source Foundation (FINOS), and almost a third of our firm’s consultants contribute to initiatives like the AI Readiness SIG, Common Cloud Controls, and Compliant Financial Infrastructure.https://control-plane.io/posts/the-evolution-of-open-source-and-cloud-native-in-fsis/Tue, 12 Nov 2024https://control-plane.io/posts/the-evolution-of-open-source-and-cloud-native-in-fsis/ControlPlane is a proud member of and long-term contributor to the Fintech Open Source Foundation (FINOS), and almost a third of our firm’s consultants contribute to initiatives like the AI Readiness SIG, Common Cloud Controls, and Compliant Financial Infrastructure.https://control-plane.io/posts/the-path-to-zero-cves-vanquishing-cyber-threats/Mon, 11 Nov 2024https://control-plane.io/posts/the-path-to-zero-cves-vanquishing-cyber-threats/Addressing Common Vulnerabilities and Exposures (CVEs) is no longer optional—aiming to eliminate them is a critical priority for securing modern systems.https://control-plane.io/posts/enterprise-for-flux-cd-on-aws-marketplace/Wed, 06 Nov 2024https://control-plane.io/posts/enterprise-for-flux-cd-on-aws-marketplace/Our products and services are now available through our partnership with AWShttps://control-plane.io/posts/controlplane-at-kubecon-na-2024/Fri, 01 Nov 2024https://control-plane.io/posts/controlplane-at-kubecon-na-2024/ControlPlane’s events and CTF at KubeCon NA in Salt Lake Cityhttps://control-plane.io/posts/flux-in-modern-devops/Tue, 22 Oct 2024https://control-plane.io/posts/flux-in-modern-devops/Stefan Prodan, core maintainer of Flux, discusses its role in automating Kubernetes with GitOps, enhancing security, and scaling infrastructure managementhttps://control-plane.io/posts/flux-operator-introduction/Mon, 14 Oct 2024https://control-plane.io/posts/flux-operator-introduction/Stefan Prodan, core maintainer of the CNCF Flux project, introduces the Flux Operator.https://control-plane.io/posts/controlplane-outreach-exposing-at-risk-students-to-careers-in-tech/Mon, 07 Oct 2024https://control-plane.io/posts/controlplane-outreach-exposing-at-risk-students-to-careers-in-tech/ControlPlane partnered with Spark! to empower at-risk students through workshops that introduced them to tech careers, continuous learning, and future possibilities.https://control-plane.io/posts/future-open-source-llm-killchains-a-talk-by-vicente-herrera/Fri, 04 Oct 2024https://control-plane.io/posts/future-open-source-llm-killchains-a-talk-by-vicente-herrera/In The Security Ai Summit 2024, Principal Consultant Vicente Herrera explores how advanced adversaries could exploit vulnerabilities in the open-source AI ecosystem, particularly in large language models (LLMs), by targeting MLOps infrastructure, with a focus on mitigation strategies to prevent such attacks.https://control-plane.io/posts/finos-ai-readiness-open-sourced/Tue, 01 Oct 2024https://control-plane.io/posts/finos-ai-readiness-open-sourced/ControlPlane’s pivotal role in the FINOS AI Governance Framework highlights our commitment to advancing AI readiness in financial services.https://control-plane.io/posts/smarter-than-your-average-sbom-a-talk-by-matt-jarvis-andrew-martin/Mon, 02 Sep 2024https://control-plane.io/posts/smarter-than-your-average-sbom-a-talk-by-matt-jarvis-andrew-martin/In Kubernetes Community Day UK 2023 Snyk, Director Matt Jarvis and ControlPlane CEO Andrew Martin teamed up and deeply delved into the Software Bill of Materials (SBOMs) worldhttps://control-plane.io/posts/cnsc-secure-ai-summit-finos/Wed, 14 Aug 2024https://control-plane.io/posts/cnsc-secure-ai-summit-finos/At the Secure AI Summit earlier this year, ControlPlane’s Torin van den Bulk delivered an eye-opening talk on the ‘Invisible infiltration of AI supply chains by adversarial actors’. This talk examines the importance of securing the data, models, and pipelines involved at each step of an AI supply chain.https://control-plane.io/posts/controlplane-at-the-bleeding-edge-ending-the-pain-of-periods/Mon, 12 Aug 2024https://control-plane.io/posts/controlplane-at-the-bleeding-edge-ending-the-pain-of-periods/The ControlPlane Agile team is proudly taking steps toward breaking down awkwardness, stigma, and workplace barriers to menstrual health.https://control-plane.io/posts/ill-let-myself-in-kubernetes-privilege-escalation-tactics/Wed, 24 Jul 2024https://control-plane.io/posts/ill-let-myself-in-kubernetes-privilege-escalation-tactics/ControlPlane’s talk at KubeCon Europe 2024 gave attendees an overview of Cloud-Native Penetration Test and privilege escalation tactics to make cloud native systems more securehttps://control-plane.io/posts/the-impact-of-the-polyfill-supply-chain-attack/Mon, 08 Jul 2024https://control-plane.io/posts/the-impact-of-the-polyfill-supply-chain-attack/How the Polyfill supply chain attack highlights the issues with trust in open source software and what approaches can be taken to mitigate the risk.https://control-plane.io/posts/mastering-the-cloud-native-wave-security-resilience-in-modern-systems/Fri, 28 Jun 2024https://control-plane.io/posts/mastering-the-cloud-native-wave-security-resilience-in-modern-systems/ControlPlane’s talk at InfoSec Europe 2024 gave attendees an overview of observations and techniques to make cloud native systems more resilient"https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-1/Wed, 26 Jun 2024https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-1/Attack paths for remotely compromising Visual Studio Codehttps://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-2/Wed, 26 Jun 2024https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-2/How malicious VSCode extensions can steal your credentialshttps://control-plane.io/posts/open-source-dynamics-era-licence-innovation/Tue, 28 May 2024https://control-plane.io/posts/open-source-dynamics-era-licence-innovation/This blog post explores innovative business models for open source projects, focusing on enterprise support and subscription services, and discusses the balance between community contributions and sustainable growth.https://control-plane.io/posts/how-to-create-a-table-top-exercise-for-cyber-incident-responders/Wed, 15 May 2024https://control-plane.io/posts/how-to-create-a-table-top-exercise-for-cyber-incident-responders/OpenSSF and ControlPlane created, hosted and ran a tabletop exercise for Incident Responders in the format of a panellist discussion. Let’s have a look behind the scenes and uncover tips and tricks how a security team can carry out a similar exercise.https://control-plane.io/posts/brewing-the-kubernetes-storm-centre-kceu24/Wed, 08 May 2024https://control-plane.io/posts/brewing-the-kubernetes-storm-centre-kceu24/James Callaghan, principal consultant at ControlPlane, and Constanze Roedig discuss open source cloud native threat intelligence at KubeCon + CloudNativeCon Europe 2024https://control-plane.io/posts/fluxcd-architecture-overview/Thu, 02 May 2024https://control-plane.io/posts/fluxcd-architecture-overview/Stefan Prodan, core maintainer of the CNCF Flux project, provides a comprehensive overview of Flux CD architectures for multi-cluster continuous deliveryhttps://control-plane.io/posts/isovalent-compliance-whitepaper/Thu, 25 Apr 2024https://control-plane.io/posts/isovalent-compliance-whitepaper/Engineers, product managers and consultants from both companies explore how Cilium can tackle the challenges of cloud native compliancehttps://control-plane.io/posts/lowdown-on-locked-namespaces-kceu24/Mon, 15 Apr 2024https://control-plane.io/posts/lowdown-on-locked-namespaces-kceu24/Marco De Benedictis, senior consultant at ControlPlane, discusses how Kubernetes namespaces have grown from an optional feature to a security boundary at KubeCon + CloudNativeCon Europe 2024https://control-plane.io/posts/linux-foundation-zero-trust-training/Wed, 03 Apr 2024https://control-plane.io/posts/linux-foundation-zero-trust-training/ControlPlane has authored two Zero Trust training courses for the Linux Foundationhttps://control-plane.io/posts/kubecon-eu-recap/Thu, 28 Mar 2024https://control-plane.io/posts/kubecon-eu-recap/A recap of ControlPlane’s activities at KubeCon EU in Parishttps://control-plane.io/posts/flux-d1-reference/Wed, 27 Mar 2024https://control-plane.io/posts/flux-d1-reference/ControlPlane’s commitment to supporting the Flux Project continues, providing a model and a guide for multi-cluster, multi-tenant environmentshttps://control-plane.io/posts/envoy-gateway-threat-model/Wed, 27 Mar 2024https://control-plane.io/posts/envoy-gateway-threat-model/ControlPlane has collaborated with the Linux Foundation to threat model Envoy Gateway and generate an End User guidehttps://control-plane.io/posts/controlplane-at-kubecon-eu-2024/Thu, 14 Mar 2024https://control-plane.io/posts/controlplane-at-kubecon-eu-2024/ControlPlane’s talks and events schedule for KubeCon EU in Parishttps://control-plane.io/posts/container-security-workshop-securitay/Mon, 04 Mar 2024https://control-plane.io/posts/container-security-workshop-securitay/ControlPlane’s principal consultant, Iain Smart, talks about Container and Kubernetes Security at Abertay Hackers’ Securi-Tay 2024https://control-plane.io/posts/nist-special-publication-800-204d-calls-for-gitops-approaches/Sun, 03 Mar 2024https://control-plane.io/posts/nist-special-publication-800-204d-calls-for-gitops-approaches/Exploring how NIST’s latest publication underscores the necessity of integrating GitOps strategies in software supply chain security within DevSecOps CI/CD pipelineshttps://control-plane.io/posts/bringing-light-to-risks-lurking-in-the-black-boxes-of-ai-models/Fri, 16 Feb 2024https://control-plane.io/posts/bringing-light-to-risks-lurking-in-the-black-boxes-of-ai-models/ControlPlane’s principal consultant, Vicente Herrera, talks about AI Security at OpenUK’s “State of Open Con 2024”https://control-plane.io/posts/controlplane-and-scott-logic-collaborate-on-scottish-government-identity-and-payments-systems/Thu, 15 Feb 2024https://control-plane.io/posts/controlplane-and-scott-logic-collaborate-on-scottish-government-identity-and-payments-systems/Collaborative efforts between ControlPlane and Scott Logic on the Scottish Government identity and payment systems: security architectures, platform integrations, and project assurancehttps://control-plane.io/posts/controlplane-backs-the-cncf-flux-project-by-employing-maintainers/Thu, 15 Feb 2024https://control-plane.io/posts/controlplane-backs-the-cncf-flux-project-by-employing-maintainers/ControlPlane’s support for the CNCF Flux project ensures the sustainability and security of critical systems through open source maintenance and innovative enterprise solutionshttps://control-plane.io/posts/tangible-value-with-controlplane-enterprise-for-flux-cd/Mon, 12 Feb 2024https://control-plane.io/posts/tangible-value-with-controlplane-enterprise-for-flux-cd/ControlPlane Enterprise elevates Flux CD with enhanced security, support, and compliance, catering to diverse needs in Kubernetes deploymentshttps://control-plane.io/posts/ai-software-development-lifecycle-on-kubernetes/Tue, 30 Jan 2024https://control-plane.io/posts/ai-software-development-lifecycle-on-kubernetes/AI software’s evolution on Kubernetes: current methodologies, potential future developments, and inherent riskshttps://control-plane.io/posts/openssf-and-open-source-summit-japan-2023/Fri, 26 Jan 2024https://control-plane.io/posts/openssf-and-open-source-summit-japan-2023/ControlPlane’s journey to Japan and an overview of some of the talks presentedhttps://control-plane.io/posts/navigating-cloud-security-and-automation-with-eficode/Thu, 18 Jan 2024https://control-plane.io/posts/navigating-cloud-security-and-automation-with-eficode/Talking to Eficode about Cloud Native Security Challengeshttps://control-plane.io/posts/2023-cncf-ctf-scenarios-and-getting-started/Fri, 12 Jan 2024https://control-plane.io/posts/2023-cncf-ctf-scenarios-and-getting-started/The public release of the 2023 CNCF CTF Scenarios is here! In this blog post, we’ll walk you through the revamped simulator and how to get started with the challenges.https://control-plane.io/posts/cloud-and-kubernetes-security-predictions-2024/Thu, 11 Jan 2024https://control-plane.io/posts/cloud-and-kubernetes-security-predictions-2024/A look into the tumultuous waters of cloud and Kubernetes security in 2024https://control-plane.io/posts/nerding-out-with-viktor/Thu, 04 Jan 2024https://control-plane.io/posts/nerding-out-with-viktor/The inaugral “Nerding Out With Viktor” podcast with ControlPlane CEO, Andrew Martinhttps://control-plane.io/posts/dev-ops-con-munich-2023-workshop/Mon, 18 Dec 2023https://control-plane.io/posts/dev-ops-con-munich-2023-workshop/The “Advanced CI/CD Security” workshop we ran at DevOpsCon 2023 in Munich provided a deep dive into the latest practices shaping the future of cloud securityhttps://control-plane.io/posts/recap-cp-at-kcna-2023/Mon, 27 Nov 2023https://control-plane.io/posts/recap-cp-at-kcna-2023/Reflecting upon our experience at KubeCon North America 2023https://control-plane.io/posts/cp-at-kcna-2023/Mon, 06 Nov 2023https://control-plane.io/posts/cp-at-kcna-2023/Where to find ControlPlane talks and events at KubeCon North America 2023 in Chicagohttps://control-plane.io/posts/spiffe-confidential-computing-august-2023/Tue, 29 Aug 2023https://control-plane.io/posts/spiffe-confidential-computing-august-2023/SPIFFE and confidential computing are two security projects that minimize the level of implicit trust a user needs to place into a computing system. We will show how to combine these approaches to minimize the trust we need to place in public cloud serviceshttps://control-plane.io/posts/national-cybersecurity-strategy-july-2023/Tue, 18 Jul 2023https://control-plane.io/posts/national-cybersecurity-strategy-july-2023/The first annual iteration of the National Cybersecurity Strategy Implementation Plan has been released, detailing how the US government plans to achieve the goals previously outlined in 2021’s National Cybersecurity Strategyhttps://control-plane.io/posts/cloud-anonymous-july-2023/Thu, 13 Jul 2023https://control-plane.io/posts/cloud-anonymous-july-2023/The event took questions from an audience of industry veterans and discussed open source security, developer understanding of Kubernetes, FinOps for cloud, and morehttps://control-plane.io/posts/cp-at-nist-con-2023/Fri, 16 Jun 2023https://control-plane.io/posts/cp-at-nist-con-2023/ControlPlane’s Experience at the 4th Annual OSCAL and Multi-Cloud Conferences Sponsored by NISThttps://control-plane.io/posts/cp-at-kceu-2023-retro/Mon, 24 Apr 2023https://control-plane.io/posts/cp-at-kceu-2023-retro/ControlPlane talk & event write-ups from KubeCon EU in Amsterdamhttps://control-plane.io/posts/2023-04-21-kubecon-eu-23-open-source-releases/Fri, 21 Apr 2023https://control-plane.io/posts/2023-04-21-kubecon-eu-23-open-source-releases/ControlPlane open sources security and threat model knowledgehttps://control-plane.io/posts/threat-modelling-zero-trust/Fri, 21 Apr 2023https://control-plane.io/posts/threat-modelling-zero-trust/ControlPlane show you how to threat model Zero Trust architectures at KubeCon Europe 2023 in Amsterdamhttps://control-plane.io/posts/collie-open-source-release/Thu, 20 Apr 2023https://control-plane.io/posts/collie-open-source-release/Demonstrating compliance and securing infrastructure provisioned by Kubernetes Cloud Infrastructure Controllershttps://control-plane.io/posts/netassert-v2-release/Thu, 20 Apr 2023https://control-plane.io/posts/netassert-v2-release/How to write, test, and secure your network configurationshttps://control-plane.io/posts/controlplane-at-devseccon-uk-2023/Tue, 11 Apr 2023https://control-plane.io/posts/controlplane-at-devseccon-uk-2023/ControlPlane at DevSecCon UK Meet-uphttps://control-plane.io/posts/controlplane-at-kubecon-eu-2023/Thu, 16 Mar 2023https://control-plane.io/posts/controlplane-at-kubecon-eu-2023/Where to find ControlPlane talks and events at KubeCon Europe 2023 in Amsterdamhttps://control-plane.io/posts/intro-cloudnative-securitycon-ctf/Mon, 06 Mar 2023https://control-plane.io/posts/intro-cloudnative-securitycon-ctf/Capture-the-Flag platform demo with The New Stack 🔐🏴‍☠️https://control-plane.io/posts/inaugural-cloudnativesecuritycon/Tue, 07 Feb 2023https://control-plane.io/posts/inaugural-cloudnativesecuritycon/The Cloud Native security community is vibrant and strong 🌩🎉https://control-plane.io/posts/spiffe-keystone-of-cloud-native/Mon, 16 Jan 2023https://control-plane.io/posts/spiffe-keystone-of-cloud-native/Short-lived cryptographic identities are the basis upon which secure communication and access control are built 🗟🙊https://control-plane.io/posts/inaugural-cloudnativesecuritycon-na/Mon, 16 Jan 2023https://control-plane.io/posts/inaugural-cloudnativesecuritycon-na/Cloud Native security bursts onto the conference circuit 🌩🎉https://control-plane.io/posts/kubernetes-predictions-for-2023/Fri, 13 Jan 2023https://control-plane.io/posts/kubernetes-predictions-for-2023/A speculative look into the perils and opportunities that 2023 holds 🕵️🔎https://control-plane.io/posts/kcduk-2022/Thu, 24 Nov 2022https://control-plane.io/posts/kcduk-2022/Kubernetes Community Days 2022 at CodeNode, London ☸https://control-plane.io/posts/controlplane-accelerates-international-expansion/Tue, 22 Nov 2022https://control-plane.io/posts/controlplane-accelerates-international-expansion/ControlPlane expands into North America and APAC with two key executive hires 📈https://control-plane.io/posts/kubecon-na-2022-techstrong-tv/Mon, 21 Nov 2022https://control-plane.io/posts/kubecon-na-2022-techstrong-tv/Andrew Martin joins Mitch Ashley of Techstrong TV for a chat about ControlPlane, Hacking Kubernetes, and avoiding configuration gotchas 📺https://control-plane.io/posts/tailscale-controlplane-nov-2022/Mon, 14 Nov 2022https://control-plane.io/posts/tailscale-controlplane-nov-2022/An evening of network security by Tailscale and ControlPlane 🔐https://control-plane.io/posts/controlplane-at-kubecon-na-2022/Sun, 23 Oct 2022https://control-plane.io/posts/controlplane-at-kubecon-na-2022/Where to find ControlPlane talks and events at KubeCon North America 2022, Detroit ☸https://control-plane.io/posts/open-source-technology-in-financial-services/Wed, 19 Oct 2022https://control-plane.io/posts/open-source-technology-in-financial-services/ControlPlane’s New York City event with FINOS 🏙https://control-plane.io/posts/kubernetes-1.25-whats-new/Tue, 27 Sep 2022https://control-plane.io/posts/kubernetes-1.25-whats-new/Overview of new security features in Kubernetes v1.25 ⚸🔐https://control-plane.io/posts/oss-europe-2022-dublin/Tue, 13 Sep 2022https://control-plane.io/posts/oss-europe-2022-dublin/ControlPlane and OpenUK information at the Open Source Summit Europe 2022 in Dublin 🔐https://control-plane.io/posts/state-of-open-report-openuk-2022/Sun, 10 Jul 2022https://control-plane.io/posts/state-of-open-report-openuk-2022/ControlPlane contributes to the definitive open source report for the UKhttps://control-plane.io/posts/kubecon-eu-2022-talks/Tue, 28 Jun 2022https://control-plane.io/posts/kubecon-eu-2022-talks/ControlPlane talks at KubeCon EU, 2022 ☸https://control-plane.io/posts/new-stack-where-cloudnative-security-going/Fri, 03 Jun 2022https://control-plane.io/posts/new-stack-where-cloudnative-security-going/DevSecOps leaders on the direction of CloudNative Securityhttps://control-plane.io/posts/hacking-kubernetes-book-release/Sat, 06 Nov 2021https://control-plane.io/posts/hacking-kubernetes-book-release/A threat-based guide to Kubernetes security 📖https://control-plane.io/posts/the-software-factory-secure-reference-architecture/Wed, 13 Oct 2021https://control-plane.io/posts/the-software-factory-secure-reference-architecture/Sophisticated mechanisms and best practices to enhance defenses against supply chain threats in Kuberneteshttps://control-plane.io/posts/hardening-git-for-gitops/Wed, 12 May 2021https://control-plane.io/posts/hardening-git-for-gitops/ControlPlane whitepaper on securing GitOps workflows at source ✍https://control-plane.io/posts/cloud-native-security-whitepaper/Tue, 01 Dec 2020https://control-plane.io/posts/cloud-native-security-whitepaper/ControlPlane collaborates with authors in sig-security 📜https://control-plane.io/posts/hands-on-k8s-security/Thu, 12 Nov 2020https://control-plane.io/posts/hands-on-k8s-security/Learning Kubernetes the Secure Way 💻https://control-plane.io/posts/kubernetes-predictions-for-2019/Wed, 09 Jan 2019https://control-plane.io/posts/kubernetes-predictions-for-2019/5 predictions and 5 wishes for Kubernetes in the year ahead 🕵️🔎https://control-plane.io/posts/controlplane-sponsors-phd-of-in-toto-author-santiago-torres/Thu, 15 Nov 2018https://control-plane.io/posts/controlplane-sponsors-phd-of-in-toto-author-santiago-torres/ControlPlane, the open source and cloud native security company, sponsors the PhD work of in-toto author Santiago Torres, furthering the advancement of software supply chain security.https://control-plane.io/posts/11-ways-not-to-get-hacked/Tue, 05 Jun 2018https://control-plane.io/posts/11-ways-not-to-get-hacked/An overview of essential security features for Kubernetes, and a glance to the future 👨‍🚀