Hardened Containers Look to Eliminate Common Source of Vulnerabilities

www.darkreading.com/applicati…

Containerization technology makes software development and cloud deployment easier, but the images that are the foundation of the ecosystem commonly have unnecessary components and hundreds of vulnerabilities. A Chainguard study, for example, found that popular Debian-based Docker images had 280 vulnerabilities, on average, while a study published by NetRise and based on a randomly selected sample of 70 different images found that the average container had 604 vulnerabilities.

The massive vulnerability counts are a side effect of how images are often created — starting with a containerized Linux distribution and adding on other software. The aim is just to make the technology work, says Michael Donovan, vice president of product at Docker.

“What has sort of powered all these container workloads across the industry for over a decade has been the inclusion of a bunch of software that just didn’t need to be there,” Donovan says. “Most developers don’t really understand all the different system packages … you just want your application to work.”

Edward Kiledjian @ekiledjian