Founded two years ago to promote the adoption of containers, a virtual method for running distributed applications, the Cloud Native Computing Foundation has since extended its support well beyond the Kubernetes container orchestration management system. The foundation now hosts 14 different open-source cloud-native projects and has attracted the biggest names in the industry, from Google LLC, IBM Corp. and Intel Corp. to Red Hat Inc., VMware Inc. and Amazon Web Services Inc. More recently, CNCF has added Microsoft Corp., Alibaba Cloud and Baidu Inc.

While the list of participating tech giants is stellar, there is a sense among Linux community members that the story of CNCF has barely covered its first chapter in what is expected to be a lengthy tale of industry innovation.

“We describe this moment for the organization and the community as the end of the beginning. Our aspiration for CNCF is to go and make entirely new mistakes, rather than replicating some of the issues that have come before,” said Dan Kohn (pictured), executive director of CNCF.

Kohn stopped by the set of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the KubeCon + CloudNativeCon event in Austin, Texas, and spoke with co-hosts John Furrier (@furrier) and Stu Miniman (@stu). They discussed the foundation’s project work, how cloud native can strengthen network security, and plans for the coming year. (* Disclosure below.)

Vendors don’t select projects

Although big companies pay hefty fees for a seat on the CNCF board ($350,000 annually for Microsoft and AWS, according to reports), they not only don’t get to run the projects, they don’t even get to pick them. That work is done by an independent technical oversight committee.

“They are trying to make good judgments based on what they are seeing in the marketplace,” Kohn said.

Among the current list of CNCF projects are two involving network security. The Update Framework, or TUF, uses cryptographic keys for content signing to protect against attacks, and Notary implements the TUF specification to secure container image updates.

The infamous Equifax breach, which has been blamed on the use of outdated software, is the kind of security problem that can be prevented through continuous integration features of cloud-native computing, according to Kohn. “Instead of doing quarterly updates or monthly updates, you want to be doing dozens of updates per day, and cloud-native infrastructure allows you to do that,” Kohn said.

If this past year is the end of the beginning, then what does the coming year hold for CNCF? “I think there’s huge swaths of this space that are still up in the air,” said Kohn, who described storage and serverless computing as prime areas for cloud-native innovation. “2018 could very well be the moment that we jump over to the early majority, and I do feel that this whole community now has the velocity to do that.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the KubeCon + CloudNativeCon event. (* Disclosure: Red Hat Inc. sponsored this segment of theCUBE. Neither Red Hat nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE