nicolas dod ama tetrate
Events, Istio, Security, Use cases

DevSecOps with Istio and open source projects pushed DoD development forward 100 years

Tetrate’s Zack Butcher’s recent AMA with the United States Air Force Chief Software Officer, Nicolas Chaillan highlighted some significant achievements as a result of the Department of Defense’s move to Open source technology and DevSecOps. Platform One is a group of Air Force software developers that build and secure technology tools used across the DoD, as part of the Enterprise DevSecOps Initiative. Tetrate is a partner DoD is working with, on their journey to modernization.

Read More
App security
Security, Tetrate

Creating a Security Barrier for Web Applications

Software engineers working on a product that highly values security, whether they’re working on frontend, backend, or security features in particular, need to ensure that their web applications aren’t vulnerable to attack. 

Tetrate is a service mesh company, providing infrastructure for enterprise customers, including financial institutions and federal agencies handling highly sensitive data. We are sharing our recent efforts in securing the UI for our product, Tetrate Service Bridge, which was aided in part by some pointers from penetration testing conducted by a large financial institution. This article walks you through that experience that may help others who are building a secure UI.

Read More
Service Mesh Istio
Envoy proxy & GetEnvoy, Istio, Open Source, Security

Istio and Envoy Security Advisories

September 29, 2020 — The Envoy Product Security Team (PST) announced  the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.

Read More
Envoy proxy & GetEnvoy, Istio, Open Source, Security

Upgrade: Istio and Envoy CVE security fixes

Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.

CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1 Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.

Read More