How secure are your containerized apps?
Posted: Wed 24 Apr 2019, 21:40
Containers are only as secure as their contents.
I love containers. You love containers. We all love containers. But is our love for them blinding to us the fact that we often don't really know what's running within them? Snyk, an open-source security company, reports in its State of Open Source Security report 2019 that the "top ten most popular Docker images each contain at least 30 vulnerabilities."
Snyk isn't talking about security problems with container technology itself. Those problems, like the recently discovered security hole in runc, the container runtime for Docker and Kubernetes, do exist and they're as serious as a heart attack. But far more common are insecure applications within containers.
https://www.zdnet.com/article/how-secur ... ized-apps/
I love containers. You love containers. We all love containers. But is our love for them blinding to us the fact that we often don't really know what's running within them? Snyk, an open-source security company, reports in its State of Open Source Security report 2019 that the "top ten most popular Docker images each contain at least 30 vulnerabilities."
Snyk isn't talking about security problems with container technology itself. Those problems, like the recently discovered security hole in runc, the container runtime for Docker and Kubernetes, do exist and they're as serious as a heart attack. But far more common are insecure applications within containers.
https://www.zdnet.com/article/how-secur ... ized-apps/