- Istio's ztunnel, a Rust-based zero-trust overlay, passes a Trail of Bits audit with no critical vulnerabilities.
- The audit covered L4 authorization, TLS, certificate management, and inbound proxying in ambient mode.
- The review found one medium-severity recommendation and two informational notes on supply chain and testing.
- A performance benchmark shows ztunnel delivers higher TCP throughput than IPsec/WireGuard, 75% faster across releases.
- Cargo audit revealed three dependency versions needing updates for an improved security posture.
Article Summaries:
- Istio announced that its new Rust-based zero-trust tunnel (ztunnel) has passed a security audit by Trail of Bits with no code-level vulnerabilities. The audit covered L4 authorization, TLS, and certificate management in Istio's ambient mode. Reviewers noted one medium-severity and two informational findings, mainly concerning external factors such as supply-chain risk and testing coverage. In response, Istio has adopted GitHub Dependabot to automate dependency updates, replaced two at-risk crates, and is expanding mutation testing to cover error-handling paths. The audit confirms ztunnel's high performance (up 75% over four releases) and supports its use as a default, secure overlay in Kubernetes clusters.
Sources: