Accurate and current threat intelligence data plays a vital role in threat modelling, as we can learn about what attackers are doing in the wild, and how likely certain attack paths are to be exploited. Whilst open source threat intelligence does exist, it is often ‘event-based’, focusing on historical incidents of attackers using particular techniques to exploit specific vulnerabilities. However, what if we want to quantify our own threat models, which may involve chaining together many such attack vectors?

The Kubernetes Storm Centre is a newly established open source initiative that aims to provide a framework for independent quantification of cloud native attack paths, with contributing organisations running diverse ‘honey-clusters’ and sharing their results with a central hub for the world to freely consume. In this session, we will discuss the progress made by the project so far, share our initial results and insights, and explain how interested parties can contribute.