Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The Common Vulnerabilities and Exposures (CVE) database serves as a valuable resource, offering insights into known weaknesses even when fixes are unavailable. This empowers organizations to make informed decisions about prioritizing mitigation strategies and protecting their systems.

In the rapidly evolving world of container orchestration, developers have come to rely on Kubernetes to manage containerized applications. However, as Kubernetes adoption increases among organizations, ensuring the security of Kubernetes environments becomes essential. One particularly significant aspect to consider is vulnerability prioritization. It’s essential to understand that chasing after the highest CVSS scoring vulnerabilities might not always align with real-world threats.

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching) to address security vulnerabilities. CVE patching is your shield against the threat of malicious actors exploiting such weaknesses and is of crucial importance for every organization’s cybersecurity. This post will cover the basics of CVE patching: the roles and stakeholders, the step-by-step process, and common mistakes to avoid.

Guest post originally published on Kubescape’s blog by Oshrat Nir, Developer Advocate at ARMO and a Kubescape contributer.

Kubernetes 1.29 will be the last release from the Kubernetes team for 2023. The new release has 49 enhancements, with a multitude of beta and stable ones in addition to a high number of bug fixes. As Kubernetes security professionals, we explored the release to find the most notable security-centric features and improvements. This blog is tailored for those with a keen eye for security, aiming to break down how these changes will impact and enhance the security posture of Kubernetes clusters.