SEARCH
Archive
Software Supply Chain Woes Afflict DockerHub, Too
Threat analysis firm Prevasio scanned the entire DockerHub and found that 51 percent of all container images had at least one critical vulnerability and 13 percent had at least one high-severity vulnerability. Researchers also identified 6,433 images that were malicious or potentially harmful.
BeyondProd Lays Out Security Principles for Cloud-Native Applications
First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.
Docker Hub Breach Can Have a Long Reach
Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering "unauthorized access" in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.
Root Code Execution Flaw Threatens Container Platforms
A flaw in runC, the underlying container runtime for many platforms, can give an attacker root access to vulnerable hosts.