Second and final part of a series about how to make TDD work for you.| ControlPlane
Multi-turn agentic adversarial testing reveals vulnerabilities in foundational models like o3-mini and DeepSeek R1. Learn why adaptive security strategies, model-specific defenses, and continuous testing are essential for safeguarding GenAI deployments.| control-plane.io
The financial services sector is increasingly targeted by cybercriminals, with cyberattacks leading to significant financial losses and reputational damage. Penetration testing and purple teaming are two security testing methodologies essential in enhancing cybersecurity posture and readiness. In this article, we will explore the importance of penetration testing and purple teaming in protecting financial services institutions against ever-evolving threats. The Impact of Cybercrime on Financi...| ControlPlane
A two-part journey through the lens of large banks, regulated industries, and security consultancies| control-plane.io
Key insights on PQC adoption in today’s digital infrastructure| ControlPlane
Cloud Native security bursts onto the conference circuit 🌩🎉| control-plane.io
A brief examination into the transformation of DevOps into DevSecOps| control-plane.io
An exploration of TDD practices to clarify, provide guidance and help with adoption of this development practice.| control-plane.io
For Open Policy Agent (OPA), most of the policies that are written are based on Kubernetes resources. For example, deploying Pods with the tag latest should be avoided. But sometimes it is necessary to write more fine-grained OPA policies based on Kubernetes users, groups or service accounts. Let me give you an example so that the code and explanations can be better understood. Example of a use case: Imagine you have a Jenkins job that creates Namespaces for tenants.| control-plane.io
The EU’s Cyber Resilience Act (CRA) isn’t just another regulatory hurdle; it’s a fundamental shift in how we approach digital security.| ControlPlane
A personal exploration of GPU security challenges and protective measures in cloud native environments| control-plane.io
In this blog post, we delve into their discussion, unpacking the evolution of cloud-native security and outlining the key steps organisations must take to prepare for tomorrow's challenges.| control-plane.io
Kubernetes marked its 10th anniversary last year, and the CNCF commemorates a decade of remarkable success this year.| ControlPlane
A recap of ControlPlane’s activities at KubeCon EU in London| ControlPlane
Introducing Gitless GitOps and the Flux Operator for secure, scalable multi-tenant Kubernetes environments.| control-plane.io
ControlPlane’s events and CTF at KubeCon EU in London| ControlPlane
Flux Operator automates preview environments for GitLab MRs. Developers get secure, disposable, Production-like instances for faster validation and iteration.| control-plane.io
An exploration of what Continuous Delivery is, how it differs from related concepts, and how Flux can help.| control-plane.io
Key lessons from ControlPlane’s KubeCon EU 2023 talk, covering Kubernetes threat modeling, attack techniques, and essential security measures to protect clusters.| ControlPlane
ControlPlane supported CNCF Flux over the past year by enabling ongoing development, innovation, and community engagement.| ControlPlane
Flux is an open source tool used to keep Kubernetes clusters in sync with configuration artefacts, especially when that configuration needs to change regularly, like when you update your software or a dependent part of your system receives a patch. Flux has been built from the ground up to use native Kubernetes APIs and to integrate with the wider Kubernetes ecosystem tools like Prometheus. It supports multi-tenancy clusters and scales massively with support for syncing multiple Git Repositor...| control-plane.io
Based on the excellent technical article written by Flux Core Maintainer and fellow ControlPlaner Stefan Prodan.| ControlPlane
ControlPlane is a proud member of and long-term contributor to the Fintech Open Source Foundation (FINOS), and almost a third of our firm’s consultants contribute to initiatives like the AI Readiness SIG, Common Cloud Controls, and Compliant Financial Infrastructure.| control-plane.io
This is the first in a series of articles about Flux CD, and introduces the foundational knowledge of GitOps. GitOps is a term coined by Weaveworks in 2018. It has been referred to as the best thing since Infrastructure as Code, and has also been referred to as being versioned CI/CD on top of declarative infrastructure. Much like how DevOps broke down the silos between Developers and Operations/Infrastructure Teams, GitOps merges the concerns for application deployment with infrastructure dep...| ControlPlane
Unlocking Delivery Success: Overcoming Framework Limitations in Regulated Environments| control-plane.io
ControlPlane is a proud member of and long-term contributor to the Fintech Open Source Foundation (FINOS), and almost a third of our firm’s consultants contribute to initiatives like the AI Readiness SIG, Common Cloud Controls, and Compliant Financial Infrastructure.| ControlPlane
Addressing Common Vulnerabilities and Exposures (CVEs) is no longer optional—aiming to eliminate them is a critical priority for securing modern systems.| ControlPlane
Our products and services are now available through our partnership with AWS| ControlPlane
ControlPlane’s events and CTF at KubeCon NA in Salt Lake City| ControlPlane
Stefan Prodan, core maintainer of Flux, discusses its role in automating Kubernetes with GitOps, enhancing security, and scaling infrastructure management| ControlPlane
ControlPlane's pivotal role in the FINOS AI Governance Framework highlights our commitment to advancing AI readiness in financial services.| control-plane.io
Stefan Prodan, core maintainer of the CNCF Flux project, introduces the Flux Operator.| ControlPlane
ControlPlane partnered with Spark! to empower at-risk students through workshops that introduced them to tech careers, continuous learning, and future possibilities.| ControlPlane
In the Security AI Summit 2024, Principal Consultant Vicente Herrera explores how advanced adversaries could exploit vulnerabilities in the open-source AI ecosystem, particularly in large language models (LLMs), by targeting MLOps infrastructure, with a focus on mitigation strategies to prevent such attacks.| ControlPlane
At Kubernetes Community Day UK 2023, Snyk Director Matt Jarvis and ControlPlane CEO Andrew Martin teamed up and delved deeply into the world of Software Bills of Materials (SBOMs)| ControlPlane
At the Secure AI Summit earlier this year, ControlPlane’s Torin van den Bulk delivered an eye-opening talk on the ‘Invisible infiltration of AI supply chains by adversarial actors’. This talk examines the importance of securing the data, models, and pipelines involved at each step of an AI supply chain.| ControlPlane
ControlPlane at the Bleeding Edge: Ending the Pain of Periods| control-plane.io
I'll Let Myself In: Kubernetes Privilege Escalation Tactics| control-plane.io
Recently a supply chain attack was discovered for the domain cdn dot polyfill dot io which was a popular service for the distribution of an open source library polyfill.js. According to sansec.io, this attack affected over 100,000 sites and involved cdn dot polyfill dot io injecting malware on mobile devices. So what happened in the polyfill.io attack? Polyfill is a service that provides a piece of JavaScript code that allows modern functionality on older browsers that do not natively suppo...| ControlPlane
Mastering the Cloud Native Wave: Security Resilience in Modern Systems| control-plane.io
Abusing VSCode Features; Attack Paths for Remote VSCode Compromise; Creating a Malicious Extension; Publishing onto VSCode Marketplace; Installing the Malicious Extension; Attack Path for Stealing Credentials; Conclusion. Over the past several years, there has been a mantra of “shift left” to push security to the beginning of the development lifecycle. Although this is a great approach to enable developers to focus on functionality whilst providing security guidance, it does so at the cost of cr...| ControlPlane
Steal your credential| control-plane.io
OpenSSF and ControlPlane created, hosted and ran a tabletop exercise for Incident Responders in the format of a panellist discussion. Let’s have a look behind the scenes and uncover tips and tricks on how a security team can carry out a similar exercise.| control-plane.io
This blog post explores innovative business models for open source projects, focusing on enterprise support and subscription services, and discusses the balance between community contributions and sustainable growth.| control-plane.io
James Callaghan, principal consultant at ControlPlane, and Constanze Roedig discuss open source cloud native threat intelligence at KubeCon + CloudNativeCon Europe 2024| ControlPlane Blog: Kubernetes and Cloud Native Consulting
Sophisticated mechanisms and best practices to enhance defenses against supply chain threats in Kubernetes| control-plane.io
A comprehensive overview of Flux CD multi-cluster architecture.| control-plane.io
How Cilium features aid platform teams with NIST 800-53 compliance.| control-plane.io
Marco De Benedictis, senior consultant at ControlPlane, discusses how Kubernetes namespaces have grown from an optional feature to a security boundary at KubeCon + CloudNativeCon Europe 2024| ControlPlane Blog: Kubernetes and Cloud Native Consulting
The Envoy Gateway Threat Model, in collaboration with the Linux Foundation| control-plane.io
Zero Trust Training Courses with the Linux Foundation| control-plane.io
ControlPlane at KubeCon EU Paris ‘24 - Recap| control-plane.io
Rationale and Security considerations for the adoption of Flux CD D1 reference architecture on Kubernetes| control-plane.io
Exploring how NIST's latest publication underscores the necessity of integrating GitOps strategies in software supply chain security within DevSecOps CI/CD pipelines.| control-plane.io
ControlPlane's support for the CNCF Flux project ensures the sustainability and security of critical systems through open source maintenance and innovative enterprise solutions| control-plane.io