OpenShift Commons Briefing: Deterministic vs Probabilistic Security: Leveraging Everything as Code with Steve Giguere (StackRox)
March 12, 2021 | by
In this OpenShift Commons Briefing, StackRox’s Steve Giguere discusses Deterministic vs Probabilistic Security: Leveraging Everything as Code and sharing his experiences from the field.
As we move to cloud native, we find ourselves layering in declarative models with the idealism of “everything as code.” Through this, we can create repeatable results through a breadth of languages which represent our desired state and through cloud native technologies like Kubernetes we can enforce that state. Only 5 years ago code was for applications. Code that relied on our imperative or human controlled provisioning of hosting technologies. Security focused on honing detection and response skills to determine what wrong looked like.
This approach to security was probabilistic where cloud native can help us be more deterministic to enforce what is right.
Shifting left isn’t just for developers anymore.
Integrating a deterministic cloud native security model enables you to employ simpler checks distributed more often throughout the pipeline. Understanding context is critical to make sure that image vulnerabilities are prioritized correctly.