Reply to post: Age old problem.

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities

Lee D Silver badge

Age old problem.

Because unless someone remembers to update every Docker image on a regular schedule, it's just going to be out of date.

But if they do, it's going to screw lots of people over if there are changes / bugs beyond the security update, people who would have been working fine without the update.

Docker is really just a bunch of "other people's VM's" in essence, anyway. It's no more secure than anything else, because of that.

You'd think there'd be some kind of automated dependency/security tool by now that realises that a dependency is out of date, updates it and rebuilds everything that was reliant on it (or contains an unannounced copy of it, which is far more likely!). But no.

Docker - like all similar containerisation technologies - just pushes software updates behind another layer of obscurity and complexity, it doesn't actually fix them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020