Infrastructure-as-code security issues can compromise cloud platforms everywhere


  • Security researchers discussed vulnerabilities in infrastructure-as-code (IaC)
  • There are a number of different ways that criminals can abuse the systems
  • Problems also share defense mechanisms and solutions

Security issues with specialized infrastructure-as-code (IaC) and policy-as-code (PaC) tools could compromise entire platforms everywhere, experts warn.

A report from cybersecurity researchers at Tenable has revealed how certain tools used to help manage cloud infrastructure and policies, such as Terraform and Open Policy Agent (OPA), can be hijacked and used maliciously.