16-17 June

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Japan 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Type: Security
Monday, June 16
 

17:10 JST

Addons Need Love Too: Maintaining Addons for Better Cluster Security - Stevie Caldwell & Andy Suderman, Fairwinds
Monday June 16, 2025 17:10 - 17:40 JST
Projects both within and outside of the CNCF ecosystem provide additional capabilities for Kubernetes clusters. These "addons" become integral to the functioning of our clusters, but we don't often talk about their impact as a whole or managing them holistically as first-class citizens.

We know there are barriers to keeping things like addons up-to-date and that it can be difficult to get buy-in for allocating the time and resources for updating something that is working just fine (for now), especially if you’re multiple major versions behind. In this session we will help you understand and articulate the benefits of catching up and keeping addons updated and how to be proactive moving forward. You will walk away with some tools and strategies for navigating the complexity of the addon ecosystem and making the process as painless as possible. You will be able to create an action plan for improving the stability and security of your clusters and share that with stakeholders.
Speakers
Stevie Caldwell

Senior Tech Lead, Fairwinds
Stevie Caldwell is a Senior Site Reliability Engineering Technical Lead at Fairwinds. Stevie also participates in the R&D arm of Fairwinds where she contributes to Fairwinds’s open source projects. She has worked with Kubernetes for 6+ years, has presented at a number of webinars...
Andy Suderman

CTO, Fairwinds
Andy Suderman is CTO at Fairwinds, a managed Kubernetes-as-a-Service provider. Andy has worked with cloud native technologies for the last eight years helping organizations adopt and manage Kubernetes. Andy is the creator and primary developer of Goldilocks—an open source tool that...
Level 1 | Pegasus A-B1
  Security
 
Tuesday, June 17
 

14:50 JST

Mastering Authorization: Integrating Authentication and Authorization Data in Cloud Native Apps - Yoshiyuki Tabata, Hitachi, Ltd.
Tuesday June 17, 2025 14:50 - 15:20 JST
Authorization is one of the most important considerations for cloud-native applications, as highlighted by the OWASP Top 10. For a long time, there was no clear standard, making authorization a significant challenge for many implementers. The OpenID Foundation AuthZEN WG is now working on standards, focusing on interfaces between PEP (Policy Enforcement Point) and PDP (Policy Decision Point), which provides some hope.
However, managing authorization data remains challenging. Since this data is closely related to authentication data, architects often struggle with how the OP (OpenID Provider) and PDP should manage and integrate it. There are multiple methods, and the best approach varies by use case.
In this session, Yoshiyuki Tabata will explain various methods for managing and integrating authentication and authorization data. He will also describe implementation using Keycloak for OP and Topaz for PDP, providing valuable insights into effective data management.
Speakers
Yoshiyuki Tabata

Senior OSS Consultant, Hitachi, Ltd.
He's a Senior OSS Consultant at Hitachi, Ltd. As an expert in IAM and APIs, he has provided numerous consultations over the past decade, including designing API and Authn/Authz platforms. He has actively contributed to CNCF TAG Security and has added significant functionalities to...
Level 1 | Pegasus B2-C
  Security

15:50 JST

Practical Cloud Native Compliance Automation With OSCAL Compass - Chris Butler, Red Hat & Takumi Yanagawa, IBM Research
Tuesday June 17, 2025 15:50 - 16:20 JST
Cloud presents many advantages to users in terms of flexibility, scalability and innovation. Unfortunately, compliance has become more complex as standards and regulations are used by end consumers as a proxy for security of underlying platforms whose operations are opaque. Consequently, platform providers have ever-increasing compliance obligations.

Compliance-as-code encompasses many activities such as automation of system configuration and general DevSecOps approaches. One perpetual challenge is how to provide machine-readable workflows which span from standard to audit to allow automation in a way that scales.

OSCAL Compass, a CNCF sandbox project, provides tooling to manage both the compliance artefacts as code and link those artefacts to executable policies. This talk will provide a practical introduction to using OSCAL Compass to document and enforce compliance controls using two of its tools: Compliance Trestle and C2P (compliance2policy) in the context of Kubernetes clusters.
Speakers
Takumi Yanagawa

Advisory Software Developer, IBM Research
Takumi is an advisory software developer working in IBM Research - Tokyo on AI for Code and Security. He has a strong background in DevOps engineering and AI Governance product development using cloud-native technologies. With several years of experience, he has worked on building and...
Chris Butler

Senior Principal Chief Architect, Red Hat
Dr. Chris Butler is a Chief Architect in the APAC Field CTO Office at Red Hat. Chris’ focus is working with regulated clients who are building infrastructure, application and AI platforms. Chris facilitates co-innovation engagements with our clients and partners with our product...
Level 1 | Pegasus B2-C
  Security

16:30 JST

Your SBOM Is Lying To You – Let’s Make It Honest - Justin Cappos & Yuchen Zhang, New York University
Tuesday June 17, 2025 16:30 - 17:00 JST
SBOMs (Software Bills of Material) are essential for improving visibility and security in the software supply chain. As open-source code drives modern development, organizations face growing security risks due to limited transparency in software dependencies. Attacks like SolarWinds (2020) and Kaseya (2021) highlight the urgent need for stronger software supply chain security.
However, SBOMs are often inaccurate. This talk explores why these inaccuracies occur, how attackers exploit them, and how to address these issues. A key challenge is dependency management file analysis (e.g., Cargo.toml for Rust), which struggles to track components effectively.
Enter SBOMit, an OpenSSF sandbox project leveraging in-toto attestations to create cryptographically verifiable SBOMs. By capturing supply chain steps as they occur, SBOMit enhances accuracy, mitigates tampering risks, and strengthens security. This talk examines SBOMit’s role in improving SBOM reliability across the CNCF ecosystem.
Speakers
Justin Cappos

Professor, New York University
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.
Yuchen Zhang

Postdoctoral Associate, New York University
Yuchen is currently a postdoctoral researcher with the Secure Systems Laboratory (SSL) at the Tandon School of Engineering, New York University. He obtained his Ph.D. from the Department of Computer Science at Stevens Institute of Technology. Prior to Stevens, he completed his undergraduate...
Level 1 | Pegasus B2-C
  Security
  • Content Experience Level Any
  • Presentation Language English