Season 1 · Episode 54
EP54 Container Security: The Past or The Future?
Cloud Security Podcast by Google · Anton A Chuvakin
February 28, 202224m 14s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guest:
- Anna Belak, Director of Thought Leadership @ Sysdig
Topics:
- One model for container security is "Infrastructure security | build security | runtime security" - which is most important to get right? Which is hardest to get right?
- How are you helping users get their infrastructure security right, and what do they get wrong most often here?
- Your report states that "3⁄4 of running containers have at least one "high" or "critical" vulnerability" and it sounds like pre-cloud IT, but this is about containers? This was very true before cloud, why is this still true in cloud native? Aren't containers easy to "patch" and redeploy?
- You say "Whether the container images originate from private or public registries, it is critical to scan them and identify known vulnerabilities prior to deploying into production." but then 75% have critical vulns? Is the problem that 75% of containers go unscanned, or that users just don't fix things?
- "52% of all images are scanned in runtime, and 42% are initially scanned in the CI/CD pipeline." - isn't pipeline and repo scanning easier and cheaper? Why isn't this 90/10 but 40/50?
- "62% detect shells in containers" sounds (to Anton) that "62% zoos have a dragon in them" i.e. kinda surreal. What's the real story?
- Containers are at the forefront of cloud native computing yet your report seems to show a lot of pre-cloud practices? Are containers just VMs and VMs just servers?
Resources: