Hello Jeffrey. Hello Akash, how are you? I'm fine. This wasn't cancelled today, was it? Did we just not get the memo? I don't think it's cancelled, because there's a meeting on my calendar. Is there any event or a holiday somewhere in the US or EU? None in the US that I know about, not sure about the EU or Canada. I had a discussion with Taylor in the morning about some of the topics, so I'm sure it was available at that point then. Well, we're five past. I'm going to really quick jump on another call and then I'll swing back here in a little bit to see if it kicked back off or not. Yeah, sure. I'll just hang on. Stay online for about a few minutes, and then we'll talk to you later, buddy.

Hello Ben. Hi Akash, how are you doing? I'm fine, how are you? I'm fine. Do we have a meeting today? Yeah, definitely. He just joined and then he left because nobody else was there in the week. Oh okay, sure. Yeah, and then Taylor and Lucy are here too, yes. That's amazing. Yeah. Hey Taylor. Hi.

25th. There's no spots for names. How did we lose that? If everyone can add their name, that would be appreciated. And any agenda items? Does anyone have anything to add before we jump into the pull requests? Well, let's see. Hey Anne. Jeffrey's in the notes, but I don't see him here, so we'll skip Jeffrey's. Anne, do you have any update? No, no, I don't. Okay, Ben. Yeah, I'll jump into yours. Okay. Actually, you told me that there were people who had questions, but honestly I don't recall. Let's go into it. File changes. Here's one that you responded to, and then Ian, I don't know if you can look at this. I tried to remember. I guess that was it. That's the last one. Yeah, I also remember that you were saying that I need to move this file to a different directory. Yeah. But then someone said that that's okay. I'm just, you know, it's really nothing to move it to some other directory, but just tell me whether to move it or not. Yeah, it needs to be moved. So you have it under user stories. Yeah.
But if I recall, I need to move it not to use case but to this one, CBP piece. Yeah, yeah, CBP piece. Okay, I will change it now. The other part was getting some references in. So I'm just going to go open the best practice itself, and then I'll, um, well, some of the other current best practices, and then I'll look at this. So here's yours. This actually seems like it's a set of best practices: disabling anonymous requests, enabling audit logging. Each one of these would be a best practice. This one has more details. So you think it should be broken into different files? I mean, it's not that it has to be; I guess we had been doing that. So if we look at this one, the main point would be how do you summarize, and then provide the other portions, like what is the goal of that best practice; then you're putting forward a proposal for the best practice, relating it back to user stories. So if all of them relate to the same user stories and they all have the same references, then maybe it can go together. It seems harder to put forward the individual proposals, and then what if someone says there's agreement on three out of the, was it five? One, two, three, four, five. Is it five, I think, or is it six? I think this part of this, from the standpoint of these are security practices, you know, they fit together, but if I was just looking at this, disabling anonymous requests to the API and then enabling audit logging, I mean, someone may, I don't know, have some reason to turn on anonymous logging, but they agree with audit logging. It definitely seems like individual things that could be adopted. Yeah, I mean, the thing which, you know, connects them together is really the API server configuration, that I have to properly configure the API server.
But yeah, so for me, I think that, you know, it's really your call, because I don't really know what the idea is of ordering the things under these best practices, whether you see a best practice as a single configuration or a single statement, or whether we want to group them along some common denominator. But it's really up to you, how you guys thought about this. So I guess there's a few ways to come at this. If we're thinking of recommending people adopt best practices, you can say here's a whole set under here, and so they go, we've adopted all of the API server ones, or we're doing it, we want to understand it, and it has enough information as a set; that's fine. If grouping it as a set doesn't allow you to provide enough information, you know, that would be a reason to... You can look at this one; it has a whole lot of information about just non-root. The other place would be when we're looking at, if you have anything that's checking to see if someone is following best practices, in that case all of these will individually be checked. Now you may group it and say you must do these things for us to be okay, a set of them, but from the standpoint of testing, you're going to test each one, each individual thing, by itself. You would test them, you know, individually, okay, right. So just from the idea of being able to discuss them, it seems like having them separated, then you can talk about, you know, someone going in and having problems with one thing, and you can point to the best practice around that one thing and the test around that one thing and to the set. That's the one place where I guess I would myself lean towards breaking them up. The one area where I don't think it's necessary, and we've gone both ways, is user stories. So like this supply chain attack, there's a whole set.
So you could have user stories which are referenced by the best practices, and they all share the same user stories. Like, this best practice for non-root in containers references a whole set of user stories, and I can see there's other least-privilege practices that can point to those same ones, like don't set privileged to true for your pod, don't allow mounting the local host file system. Those could all point to the same set of user stories. But talking about why you shouldn't mount the host file system, there's, besides the proposal, like what does that encompass? The trade-offs would be very different for non-root versus being able to mount the host file system, for instance. References may or may not be the same on that. Alternatives for that are definitely going to be different between non-root in containers and not mounting the host file system, even though they may share references and share user stories. And then we also have use cases, so it's use cases or user stories, and some of these would be like an individual, a specific use case, where it's defining where you're going to see some set of problems. So anyways, I think it would be better to have it wrapped in there and break it up. At a minimum, we want to move it, and you want to add references like this, and you want to add a link to some set of user stories.
Okay, sure, okay, I will do. Trying to look, it may actually, we may have some user stories that fit, and otherwise we'll want to add some. You can check this one too; there's a lot of content in here that might be good, related to what this practice is. Okay, and did you have a response to that one comment? Which one comment? Oh, I mean it's just above it. Yeah, I mean, if you're talking about sorting this out with justification, I suspect that comment will become irrelevant, so I wouldn't take that any further right now. Okay, yeah. Can I just resolve it and let him move it all over, and then we take a look? Yeah, yeah, go for it. So now your claim, just move it all over. I would suggest then: move it to the correct directory, start adding the references, and look at user stories, and then you can split stuff up after you have some of the shared content ready. Okay.

Well, that's all we have right now. I think we're more than ready to add some new best practices. Does anybody have any ideas for new best practices to propose? We had a whole list in this document, and then all the different scenarios and examples. How about this one, applications in their own namespace, or the service accounts? What's that? I see, give each application its own service accounts, but you also said a different namespace for each one. Which one did you mean? Oh, this is just a whole set; I'm just pointing out. Okay, okay. I dropped a link to this document, but you can see these are just ideas that we had for individuals. Um, I know that Kubescape covers this one, privileged equals true. Um, well, I mean, hopefully I will finish this, and then I'm happy to write another one after. Yeah, okay. Well, does anyone else want to help? Does anyone have an interest in this? If someone does and reaches out, I'm willing to put some time in with someone to get some more practices. And I know the namespace one, there's been a lot of content about it; there's several tests out there that are around practices for namespaces, and the privileged setting, privileged equals true, that flag; again, lots of content. The user stories are done; you point them to that set of supply chain attack user stories. The references, a lot of the same references that are in the non-root one are going to be the same. We can stop here. Everyone who is interested or has some ideas, let me know. I guess that's it for today, y'all. Thanks everyone, thank you, have a good one.