Teleport is an open source company. We develop in the open, including full disclosure of security issues in our changelogs and pull requests. We share our penetration tests and key compliance reports. Despite this, our communication to open source users and integration with automated security tooling needed improvement. We needed a standardized way to refer to our vulnerabilities so that when two people (or systems) talk about a vulnerability, they know they’re talking about the same thing.

SDDL, or Security Descriptor Definition Language, defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe the security settings of an object in Windows as a text string. Think of it like a simple language for defining who can access an object (like a file, folder, or registry key) and what they can do with it.

In 2024, I hope to see significant growth and renewed optimism in the tech sector. Personally, I’m looking forward to the year ahead with positivity as Teleport enters an important period and a packed pipeline of significant enhancements to the platform. These capabilities are increasingly critical to a threat landscape that is centered on attacking identity and exploiting human behavior.

The CVSS (Common Vulnerability Scoring System) is a widely used standard that produces a score between 0 and 10 to indicate the level of severity of a vulnerability. The most popular spot to find CVSS scores is on the National Vulnerability Database (NVD) website, where you’ll see CVSS scores for all CVE (Common Vulnerabilities and Exposures) IDs.

Kubernetes security is a critical part of the app lifecycle, through the build, deployment and runtime stages. Kubernetes runtime environments are dynamic and continuously changing. As clusters are replaced and permissions reassigned, security becomes an innate part of DevOps. It is important to ensure that malware and other malicious attacks do not access the cloud, as they might lead to system failures, servers going down, and more.

GitGuardian and CyberArk are unlocking new use cases–explore the first-ever integration between a secrets management and secrets detection solution for unparalleled secrets protection in DevOps.

CloudCasa, the software-as-a-service solution for backup and recovery of Kubernetes and cloud native database workloads, has come a long way since its early days.