eSecurity Planet met up with Nicholas Percoco, senior VP at Trustwave SpiderlLabs, during the RSA conference last week to discuss the state of PaaS security. Percoco specifically took aim at the Red Hat OpenShift PaaS in his demo, though he cautioned that OpenShift is not necessarily vulnerable.
He noted that his team’s exploration into PaaS security did not discover or report any particular CVE-type vulnerability in OpenShift itself. But he argued that PaaS is sold and marketed to users as if they don’t have to worry about security — and that simply isn’t the case.
What the interview below: