The Cloud Native Computing Foundation (CNCF) continues to grow, with 58 new members joining in the last quarter. These members vary in size, with some joining on a Silver basis, meaning they make a smaller annual contribution than Platinum and Gold members. Among the new members are SUE, a cloud consultancy from Geldermalsen, and the well-known companies Lenovo and Cognizant.
Founded in 2015, CNCF works to promote open-source projects for cloud-native applications, giving developers the chance to gradually mature their projects and make them reliable and commercially viable. Projects progress through stages, starting with Sandbox, then Incubating, and finally Graduated. To be admitted to CNCF, developers must meet certain requirements, such as accepting a Code of Conduct and clearly communicating version updates. Currently, more than 150 projects are active in various stages.
In the summer of 2022, CNCF commissioned a security audit of Kubernetes version 1.24 from the British cybersecurity expert NCC Group. The audit revealed a number of issues, including confusing admin experience in terms of limiting user and network privileges, loopholes in the authorization system between components of Kubernetes, and ways to bypass authorization. According to NCC, these were the only vulnerabilities that posed a major risk to users.
