 Hey Eli. Hey Brandon. How are you doing? I'm good. How are you? Good. Good. Thanks on these coasts. I heard the weather there was really good the last few days. Oh, yeah, it was great. Is it still kind of summerish? It's nice. It's a bit dark today, but it's a lot better like two weeks back. It was like raining the entire week But now it's a little sunny the past few days. So, yeah By the way, I wanted to ask you What are you using for authorization for for SWIFI, SWIFI IDs? Is there any like What authorization we use on top? Like for example, if you run services and stuff like that We Use a home build system They're currently Like different Systems and we're building anyone that will use the SWIFI only But yeah, I have to build everything. Okay. Yeah, we ended up figuring out that we have to integrate it specifically for ourselves. So Yeah, I guess we can chat about that. Yeah, exactly. Yeah, it's a mix. We just looked on what is there and we need a mix of Herbac and Abac basically, so we didn't find what's what's in there. All right. Hi everyone Aaron, good morning, Akshonen. We'll try and keep this this session brief since Just in this Let us know that it's a better Wednesday, and I think we're Rembrandt's day in Europe. So I Think we have a pretty short agenda. So so we can let everyone get back to to the holiday yeah it was just kind of weird timing because we didn't have last week's one because of Election election day and then we have two-pronged and then we Thanksgiving. So I think we wanted to kind of just sync up really quickly For everyone forgets about us And Okay, I think the main agenda item we have is from Vinay today, so let's wait a couple I'll ask that question like well, do we need to wait? I'll go for it Let's see. Yeah Anybody looked into that Google security score open source project It's pretty interesting idea It's just the one that was posted in the group. Yeah. Yeah. I Don't know if we like if we should use something like this during like Assessment and make make sure that's like everything in his past or like there is like basically project is working on Cleaning up all their items that's highlighted by the tool So this is the CI CI check right it looks like it could be implemented as a part by they they basically check lots of Things and they have like a on their repository Basically, they explain in what's what checks are and what you can do and how we can enable the things like part of this like a fuzzing for example using osfas and Some things like a sas for example using something that you can also enable for As a part of git and I think it's free for open source projects Wish all big seems to be good practices. We should encourage doing something like this Yeah, I think in initially like right now what we're using in the security assessment. We're using the CI badging But yeah, this could be Another thing that we could also add into it as well Okay, yeah, I posted the link for that in the chat for those that are interested And then we have we have a Message in the site channel. So anyone interested can comment on that as well Cool, I think we have Vinay. Are you there? Yes, I'm here. Okay. Awesome. So Sorry in going around right. Oh, sorry. I was on mute. So I was trying not to say. Oh, sorry. I was on Yeah, I think we're just gonna Do a quick round of check-ins. It doesn't seem like that's that much update on today. I Think we're gonna There are a couple of new faces around. So maybe let's kind of go through that really quickly and then I think Vinay you You own most of the well all of the gender items today. So I after we do the check-ins will pass it over to you That's good. Okay So I see a couple New faces on your names around here Do you want to do an introduction if you're new I think Altez and Eric and model I'll jump in real quick. Hi everybody. I'm Altez here Calling in from Toronto in Canada work for a company called security compass and we're all about sort of security and Trying to help DevOps teams move quickly and making sure that security doesn't slow them down. So looking forward to working with you guys on this Awesome. Nice to meet you out. Hey, welcome Altez Mark Eric model do you want to do a quick introduction? Gingo and my name is Marla Weston. I am over at Intel. I am here because Ava Black talked me into it and Also, I Work internally with various teams working with Kubernetes So I've been trying to wrap my head around all the different pieces Cool. I I also working in confidence confidential computing. Oh I Do speak every couple of weeks to the QAT team. So part of it is trying to figure out what they need I can't get them to go yet, but we'll get there Awesome. Welcome This is Eric. So, yeah, I believe I've joined these meetings a while back But yeah, I just wanted to get back involved on the working in a company called cystic So involved with Kubernetes security and yeah, just wanted to get a broader perspective as well Awesome. Welcome. All right All right, cool. Thanks, and I I posted them the new members page So if that's something that could be a helpful You know, also Please add yourself as well to the members. That's For those that already have done that Awesome so Vinay, I think the flowers yours Hey, thanks. Thanks, Brandon Everyone as you all know that we've been Hard at work at this security white paper and I think the light is at the end of the tunnel and I think It's it's I think for all practical purposes. It's done. So I you know, I was throwing around an idea which is How about if some of the authors of the paper with a webinar and It's almost like I know it's not like a fireside chat But it's almost like a round table kind of a format where we highlight the various salient aspects of again to truly provide some kind of a perspective from thought leaders and the industry from their learnings as it applies to those various Aspects and dimensions of security as a process as it pertains to Cloud native workflows that we have outlined in the paper and I think some of those are very very beneficial as we all know We've seen it done at Kubecon and other other events So I thought how what if we thought of the idea to actually Pull together such such an event to really Amplify the message of the cloud native security paper across across the community and the industry and And so I wanted to bring that up and and I know as we do always I cut a ticket for it and it's there in the document today, but if you'd like, let me just quickly Grab a link to that and then I'll post it here in the chat So if you're interested, please feel free to call it out in the In the ticket and we'll see how we can move that forward But you know the whole intention is to you know Bring some of the others together to really really talk about some of the salient aspects as we talk about in my mind The way I've started to think about this is two dimensions one is the environment perspective where we talk about compute access Storage runtime and then the application lifecycle where we've talked about You know develop distribute deploy and to really really just Retrait that message as we move this forward. So I don't know Brandon If we should have the discussion here, but the ticket is cut. So We should if you're interested to talk about it definitely Please call call yourself out on the tip So so that is one it's a very very short request I think I think that's cool and it's definitely gonna help socialize to the white paper a lot Just just kind of just when you talk about I was thinking that maybe We could see whether we can try to have a I'm not sure what platform that you were thinking about but I was thinking maybe get a slot on the cncf webinars I think that would be cool Yeah, no, actually, I that's exactly right Brandon. I was thinking maybe I don't know what Six security has like a calendar for webinars But how and the next steps was to determine what the logistics would be to figure that out All right, cool. Yeah So that was one of the first points that I wanted to Talk about and the second one that I also wanted to talk about is the idea came about where I think Pushkar had, you know, kicked off an effort to actually have a Kubernetes perspective, right? Kubernetes perspective on the cloud native security white paper that we will That I think it's already underway. I think it's already written and going to be published So what but what once again, I thought about you know one on the themes as you know This paper is 37 pages long. I think it hasn't been shortened since and and that's a lot right So I wanted I was thinking about kind of like mini blogs or micro blogs that we could actually write to go a little bit deeper and Into each of those dimensions once again and because when you think about how the industry and practitioners Apply right at the end of the day a lot of this great stuff is coming from the community, but we want Practitioners to actually take a lot of these concepts and actually apply it in their different environments and for their use cases So to take I don't know how we can slice and dice it Maybe two three four blogs something like that, but go a little bit deeper Into the best practices and to really help move the needle and help people who are either new or practitioners was struggling with different kind of concepts to get a Slightly deeper perspective to truly take a lot of these concepts and operation. So so that was the motivation and thought around the second mini slash micro blog series and Fundamentally as you can see I think the general Motivation is I think the all of us at six security have done such a tremendous job this is truly a phenomenal product and To see once again how we can help evangelize and Amplify that So I hope I wish I was here for this so a while back You know, there was kind of this this idea of having a six security website where you could kind of get the resources together and I'm not sure whether you're thinking about it in terms of like a blog on the platform or where the you know six security itself can have Yeah, so I think JJ had mentioned that there was some I some talk around that I believe is that right? Yeah, it was called the microsite project. Yeah. Yeah, exactly exactly and so I don't know the status of that Brandon You probably have a better sense of it it was a thing and then it kind of The people that were working on it kind of got busy Like a lot of the things so I think that was like some kind of groundwork we started talking to the CNCF We got some hosting actually they do the hosting on that if I So we got access to that and we're able to like spin up a website And I think we can probably revive that I'm gonna paste the link to the issue and maybe if you could Shoot Shoot an email or may just comment on this trend and then see whether we can get the credentials Yeah, maybe, you know, see if we can kind of revive revive this, right? No, that would be great. Exactly. So I think one thought was maybe this micro site kind of blog or maybe Depending on how that goes and how soon we can bootstrap that or even maybe try to put these blogs on I don't know how it works on the CNCF and obviously on the Ovinia, I'm not sure what you cut up. Yeah, thank you. What's your But Chase, yeah, I think that was the idea is CNCF has given us a domain Unidentified domain for hosting things and then we can put it on that Sure. Sorry. I it really bizarre thing happened zoom just crashed and it rebooted anyway And it was quick. Sorry about that. I might have missed the the previous part of your comment We were just we just responding to Chase's comment But yeah, I think we got most of that and then you cut that around the end Yeah And I also I've lost the chart history because but I also posted the other ticket. I think it's 450 and 451 Hopefully it's there and once again would love for volunteers to collaborate on The 451 as well Okay, do you do you have any thoughts on like how to break down the blocks or like what the granularity of it would be A great question. I do. So what I would like to do is Maybe just put out a document and I'll attach it to the ticket and give a perspective just to start Getting feedback and input on how we can take it from there. Yeah, sure. I'm happy to take that off Yeah, I think we have a list of topics and then We could get some interest for people to sign up for for You know things that they they could write about that would Yeah, that would help. Yeah That's all I had. Thanks. Thank you everyone. Thanks Awesome. Um, so Thanks, Vinay. Um, do we have any other topics any other discussion? That we want to have today Come to security day on monday Yep Wait a second monday tuesday Monday I'm sure it's not it's weird. I think they shifted like I've got the schedule open. It's tuesday monday night. So like contribute meetup and then tuesdays are all the colo events All right. Okay. I'm really confused then. Oh, okay Yeah, I think usually usually it's monday. So I go Yeah, I just assumed it was monday just because it's always monday. So Yeah, and uh, and also we have a six security session as well that keep constant On drop by what time is that? that is It is Look it up. I'll offer the link into the link here that is on Thursday at 450 eastern Yep Cool. If not, um, hopefully you will see Most people next week during company day security day excited for that Awesome. Thank you everyone. Have a good one. Cheers. Thank you. Bye. Bye