Cloud Native

MITRE released the 2025 CWE Top 25 on December 11, 2025, identifying the most dangerous software weaknesses based on 39,080 CVE Records published between June 2024 and June 2025. The list ranks weaknesses by their frequency as root causes in CVE data and their CVSS severity scores, highlighting persistent threats like XSS and SQL Injection alongside emerging issues such as authorization flaws and memory bugs—key priorities for DevSecOps teams securing modern cloud‑native applications. Explore how the 2025 rankings differ from 2024, the top ten shifts, and what CWE root causes reveal beyond CVE trends. ...

Like your favorite music streaming service’s 2025 Wrapped®, here’s my recap of Kubernetes security highlights from 2025, plus predictions for features likely graduating to stable in early 2026. As a DevSecOps Team Leader, I bridge development speed with security rigor daily. Kubernetes and cloud-native security are my passion, especially hardening workloads for production. With Kubernetes v1.35 releasing December 17, now’s the perfect time to review 2025’s security wins and plan for 2026. ...

On November 5th, 2025, a set of high-severity vulnerabilities in runc were publicly disclosed, allowing for full container breakouts. Runc is the cornerstone of containerization on Linux, serving as the default low-level container runtime for industry-standard tools like Docker, Podman, and Kubernetes. Its ubiquity means that a vulnerability in runc has far-reaching implications for the entire cloud-native ecosystem. This post summarizes the vulnerabilities, the affected versions, and the recommended actions to mitigate them. ...

As Halloween approaches and the days grow shorter, it’s the perfect time for a spooky story… or, in my case, a recap of what’s been brewing in my professional life! With the end of the year lurking around the corner, it’s time to take stock of the exciting changes, challenging projects, and community efforts that have made 2025 a year to remember. So, grab your pumpkin-spiced latte, and let’s dive into the cauldron of the last few months. ...

OpenSSF, the Open Source Security Foundation, is an influential collaborative initiative under the Linux Foundation dedicated to improving open source software security. Bringing together industry leaders, security experts, and developers, OpenSSF drives broad community efforts to address vulnerabilities, foster best practices, and enhance transparency across software supply chains. Among its standout contributions is the advocacy and tooling development around Software Bill of Materials (SBOMs), which have rapidly become indispensable for managing security risks in modern software ecosystems. ...

Quick but exciting personal update: I am now part of the organizing team for the Cloud Native Days event in Italy! Everyone who knows me understands how much I love the community side of my work and how passionate I am about joining events and organizing amazing experiences. Having worked on event organization before with my friends at Let’s Connect, I know it’s both challenging and incredibly rewarding. ...

With the Digital Operational Resilience Act (DORA) now in effect across the European Union as of January 17, 2025, financial institutions face unprecedented cybersecurity and operational resilience requirements. Successfully achieving DORA compliance demands a comprehensive security strategy that also includes the following three fundamental components: Robust secrets management Hardened container images with minimal vulnerabilities Unified cloud-native application protection platforms (CNAPPs) These technologies work synergistically to meet DORA’s stringent ICT risk management, asset identification, and third-party oversight mandates. ...

The countdown to KubeCon EU (London) has begun, and I couldn’t be more thrilled to announce that, for the third year in a row, I’ll have the incredible privilege of attending! This year is extra special because, for the second time, I’ll be managing a booth alongside my amazing colleagues. Why? Because ReeVo, the company that SIGHUP has now joined, will proudly be a sponsor of this major event! ...

One of the pleasures of working with open-source software (OSS) and community-driven initiatives is the endless opportunities they offer. If you ever find yourself with “not enough” to do at work (yes, that’s ironic!), there’s always an easy way to take on something extra and meaningful. Contributing back to the community you’re part of is a wonderful way to express gratitude. After all, how could anyone be luckier than to give back to something they love? 😊 ...

Yesterday, the organizers of KCD Italy announced that the conference will return in 2025, once again in Bologna, in June! For various organizational reasons, the conference will be rebranded as Cloud Native Days Italy, but the quality will remain just as high. At the moment, no further details are available. Start marking your calendar—see you in Bologna!