back to article Docker Hub images buggy and vulnerable, say researchers

Docker Hub users are playing Russian Roulette with Heartbleed, Poodle and Shellshock, according to an analysis of a bunch of images by newly-launched outfit BanyanOps. The outfit is using the research to bring itself out of stealth-mode, apparently: the company only Tweeted “Hello World” on May 1. Its claim, blogged here, is …

  1. Anonymous Coward
    Anonymous Coward

    Supply chain management

    It's going to come down to the IT equivalent of supply chain management making sure of the provenance of each element of the container, current patching levels for those elements, and noting incompatibilities that are reported to the developers. Further, every developer is going to have to spin up a current image and test their modifications although we have automatic building and testing tools, so it shouldn't be impossible to restructure the processes for containers. Difficult I'll buy.

    Like many an admin I have my fairly hefty collections of images here and keeping them spruced up is a headache. Since the images rarely change, individually, I tweak them during the full system backup window. Watching the backups or building images. Sheesh. Some Sunday!

  2. Tomato42
    Facepalm

    I'm surprised that it's only 30%. I would have put this closer to 30% not being vulnerable.

    Developers don't care for security, they just want their apps to work.

    Icon as the whole Docker idea makes me do that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022