I recently attended a webinar in which one of the speakers said that a ‘container is never going to be as secure as a virtual machine’. I beg to differ. Docker containers are not inherently less[…]
As excitement around container technology continues to grow, many questions remain regarding the best way to secure them from both a technical and organizational perspective. While developers and[…]
RunC Like the Wind
Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc[…]
Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be[…]
In the first part of this trilogy we focused on Docker 1.10 and its seccomp capabilities. In this post we’ll explore the authorization plug-in architecture, another feature which was released as[…]
The new Docker 1.10 release has a host of new features, among them several security improvements that merit the attention of anyone using Docker to develop and run applications. I’d like to focus[…]
