Company
Date Published
Author
Hayley Denbraver
Word count
894
Language
English
Hacker News points
2

Summary

The Cloud Native Computing Foundation (CNCF) has open-sourced the findings of its recent Kubernetes Security Audit, which aimed to identify potential security issues in the project. The audit took a breadth-first approach, considering multiple control families for potential problems, and found five "high severity" issues, including access control bypasses, certificate revocation, and improper patching. The report recommends ways to improve security, such as cleaning up the code base, adding testing and documentation, and making defaults more secure. By open-sourcing the findings, the CNCF has set a good example for other projects in prioritizing security and sustainability. The disclosure benefits both maintainers and the community: it demonstrates a proactive security stance, allows thoughtful prioritization of fixes, and lets community members review the findings and make informed choices. The audit also highlights the importance of developer-first container security, with Snyk providing automated vulnerability detection and fixing capabilities.