Fabian Kammel

How did you get started with open source? For me, it always starts with becoming a user first. By using the software, you're more likely to stumble upon bugs, missing features, or areas for improvement—perfect starting points for your first contribution! datosh.github.io/post/contribut…

I'm excited to share some groundbreaking research that @wakewarduk and I have been working on. We've discovered a significant vulnerability in #VSCode that allows malicious extensions to steal secrets from other extensions. control-plane.io/posts/abusing-…

Just came out of a deep rabbit hole after wondering: “Why does my laptop get hot watching YouTube?" In case you want to find answer to questions you never had about hardware acceleration and Intel iGPUs on Linux: datosh.github.io/post/hardware_…

Great post / data from @datosh18 showing that only 2% of GitHub repos pin @github actions to a commit SHA to make them immutable.😔Thanks for calling out the #oss tool Frizbee (created by @jaosorior and other Stackers) as a way to automate this! pin-gh-actions.kammel.dev

Checking network connectivity between your #Kubernetes objects has never been easier! With #NetAssertV2, verify connectivity between K8s objects and remote hosts. Iteratively build, test and deploy Kubernetes network policies. Download the tool from netassert.io

I'm excited to share that I wrote a blog post with Mikko Ylinen & Tobin Feldman-Fitzthum, to detail how #confidentialcomputing can help to improve security in #k8s and the #cloudnative world. kubernetes.io/blog/2023/07/0…

I’m excited to present my talk, The Irresistible Rise of Cloud Native: What the Future Means for YOU, at #CodetoCloud #CybersecuritySummit, a virtual event presented by @PaloAltoNetworks.  Register to get your ticket for FREE: start.paloaltonetworks.com/code-to-cloud-…

Great talk at #devopscon #london with @sublimino! #devops #conference #developer

A KubeCon offer from @controlplaneio: Lightspeed Security in our Threat Room⚡lnkd.in/ekP-JtbZ — threat model projects, systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our trademark high-impact threat modelling process ☸️🌩️ Cloud native security SMEs will avail you of their expertise and provide next steps to deliver usable security controls for you and your team. No experience necessary, all levels are welcome! See what else we're doing at KubeCon, including talks, running the official CTF, booth SU57 and our BoothCTF, sponsoring the very musical Kuberoke and Amsterjam, contributing to the brand new Security Village and more 🎉 #lightning-sessions" target="_blank" rel="nofollow noopener">control-plane.io/posts/controlp…

📣Join us at the Kubernetes & Cloud Native Berlin Meetup on Dec. 8th!📣 @datosh18, Senior Security Engineer at Edgeless Systems, will present security best practices as a Golang K8s developer. He'll demo signing git commits, scanning container images for vulnerabilities & more!

And it's a wrap! 🎉🎉 Our first @msdev meetup at the @MSFTReactor Berlin was so exciting and full of engaging banter! The pictures speak for themselves! See you folks for our meetups in December! 🥳🥳

Recently our Senior Security Engineer @datosh18 wrote an easy-to-read series on why and how we generate SBOMs, keep track of vulnerabilities and bring support to the customers who have to use them. 🙌

Join me at Kubernetes & Cloud Native Berlin Inaugural Meetup meetup.com/berlin-kuberne… #Meetup via @Meetup I will be talking about all things security for K8s & cloud devs, with #gitsign, #syft & #ko.

Zero-trust security is a buzzword for vendors but an important framework to implement for cybersecurity. @EdgelessSystems discussed how it ensured its software was delivered securely using @projectsigstore in #techtrends2023 infotech.com/research/ss/te…

Great Insights from @malt3 on how to create minimal OS images for #Kubernetes nodes with #mkosi

My talk "verifiable build environments in the cloud" and so many other good ones are already online! Check them out! youtube.com/watch?v=mJczpE…

@itaysk @projectsigstore Is there a way to check if a Titan key is genuine? Similar to: yubico.com/genuine/

They're giving away free disk on keys; at @projectsigstore con; a supply chain security conference; they're trolling us right 😄

@tracymiranda @theopenssf @projectsigstore @kyverno @urllib3 @tektoncd @jenkinsxio @cncfartifacthub @GoReleaser @project_harbor @HelmPack @fluxcd @kedaorg Proud to see @EdgelessSystems here! We've had a blast integrating with @projectsigstore

Introducing the brand new Sigstore landscape! As the ecosystem grows quickly, this landscape (which is part of @theopenssf ) highlights: - @projectsigstore projects - integrations - signed projects - language clients - case studies & more! landscape.openssf.org/sigstore

Enclaves & Sigstore! @datosh18 of @EdgelessSystems talks through how @projectsigstore helps confidential computing maintain a high level of security. #SigstoreCon #KubeCon

@mlieberman85 @KubeCon_ @mihaimaruseac You gotta have guac when there's slsa! I will be there, @mlieberman85

For those of you will be at @KubeCon_ , @mihaimaruseac and I will be giving a talk on GUAC, a new tool intended to help answer the hard software supply chain security questions. Come learn more about this software supply chain knowledge graph on Thursday sched.co/182Jr