The talk discusses the evolution of vulnerabilities in popular public container images and the challenges faced by developers and DevSecOps teams in handling them. The speaker shares insights from a report on publicly available containers on Docker Hub and highlights the need for practical steps to prevent the dev process from grinding to a halt.
- Container scanning and security is becoming more widely adopted, but the long-term security posture of containers is not well-understood.
- New vulnerabilities arise constantly, and many of them end up in a catch-all bucket of 'won't fix'.
- The attack surface of popular public container images like Python and NodeJS has changed over the past year, and different vulnerability scanners show different results.
- Developers and DevSecOps teams struggle to ensure containerized applications are free from vulnerabilities because of the complexity of containers and the reliance on manual processes.
- Practical steps can be taken to stay on top of vulnerabilities and prevent the dev process from grinding to a halt.