The New Stack Podcast

Container Security, Unverified Images, and Docker Vulnerabilities

Episode Summary

Containers have only recently started to go mainstream as an important part of continuous integration and delivery (CICD). This is great for developer autonomy and individual ownership, but what about security? While Docker and Kubernetes have been the main drivers of this rapid container adoption, the ease at which these two orchestrators allow anyone to deploy code can leave security in peril. Does the fact that these are open-source platforms make it even more or less secure? Most importantly, how much do users understand about container security?This is some of what The New Stack Founder Alex Williams was asking when he sat down at DockerCon with Tianon Gravi, senior vice president of operations at InfoSiftr, and Noah Abrahams, Kubernetes engineer at Ticketmaster. At the end of May, the Docker Symlink-Race vulnerability was discovered in all versions of Docker container engines that offers an attacker a way to get to the host itself or any other containers managed by that host to not only read but modify the files. Abrahams sees security as something that falls on a spectrum of passive versus active versus retrospective. Watch on YouTube: https://youtu.be/MZMGIVjKBew

Episode Notes

Containers have only recently started to go mainstream as an important part of continuous integration and delivery (CICD). This is great for developer autonomy and individual ownership, but what about security? While Docker and Kubernetes have been the main drivers of this rapid container adoption, the ease at which these two orchestrators allow anyone to deploy code can leave security in peril. Does the fact that these are open-source platforms make it even more or less secure?

Most importantly, how much do users understand about container security?This is some of what The New Stack Founder Alex Williams was asking when he sat down at DockerCon with Tianon Gravi, senior vice president of operations at InfoSiftr, and Noah Abrahams, Kubernetes engineer at Ticketmaster.

At the end of May, the Docker Symlink-Race vulnerability was discovered in all versions of Docker container engines that offers an attacker a way to get to the host itself or any other containers managed by that host to not only read but modify the files.

Abrahams sees security as something that falls on a spectrum of passive versus active versus retrospective.

Watch on YouTube: https://youtu.be/MZMGIVjKBew