Docker gets a lot more secure with user namespaces and new image controls
Hackers will soon have a much harder time breaking into container clusters thanks to new security functionality that Docker Inc. is introducing at its second annual European user conference this morning. The additions promise to block off two key threat vectors. The first is its official third-party software catalog, which curates operating system images, databases, and other application staples for easy access. None of the carefully vetted entries in the gallery is particularly likely to contain malware, but there is always the risk of a bug or vulnerability accidentally slipping through.
The tens of thousands of developers who rely on the Docker Hub can thus unknowingly end up using compromised software in their projects, potentially opening a window for attacks. The new verification feature rolling out for the service promises to avoid such situations by periodically checking entries against the Department of Homeland Security’s continuously updated public vulnerability database and putting up a warning when a match is found. That kills two birds with one stone, deterring users from downloading unsafe software and thus giving vendors a strong incentive to issue a fix as soon as possible.
To learn more and to read the entire article at its source, please refer to the following page: Docker gets a lot more secure with user namespaces and new image controls - SiliconANGLE.com