eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle
19th May 2026
Supply chain security is a topic that needs little introduction, but still goes many layers deep. My colleagues André Martins and Feroz Salam, did a great write up of the defense in depth strategy Cilium uses to secure its CI/CD pipeline. I love how it skips the theoretical and goes right into the implementation, like why we use two-phase checkouts for pull_request_target and the gaps that we are still trying to close.
My other favorite security write up from this week is how Cloudflare mitigated the “Copy Fail” Linux vulnerability with eBPF. Instead of waiting for a full kernel rollout, they used eBPF to surgically block the vulnerable code path at runtime. As I said last week, the future of runtime security is live patching and enforcement in the kernel. I need to go jump in a hot spring so let’s 🐝 -gin.
November 9 in Salt Lake City, CfP open though June 21
🐝
The Livestreams
eCHO Episode 208: Tetragon & OpenClaw Lab Preview
eCHO Episode 209: Cilium on VKS with the Broadcom VKS team
The Post of the Week
As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.
🐝
To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.
Know a friend that needs to be in the know? Forward this to them
Written and sent by Bill Mulligan and Katie Meinders. Any feedback is welcome!
I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon
Cisco/Isovalent, LLC, 755 Sycamore Drive, Milipitas, CA 95035, United States
