There are many opinions out there about what your organization must do — or buy — to make sure container environments are secure. But taking a step back, containers stand on the shoulders of open source, and the security and compliance processes that teams have learned during the past decades remain applicable in many instances.
At the same time, container security has its own set of rules and best practices that are often less than apparent. Worse still, much of the confusion around open source security remains, further compounding the challenges.
“If I look at the container environment, we’re kind of back in the bad old days where the container Docker file may have a license, but almost always it is not the license for all of the software that is included in the container, which usually contains many components,” Dirk Hohndel, vice president and chief open source officer at VMware, said. The quintessential question, Hohndel says, is how do you find secure containers and “ensure that the one that you have is actually secure?”
In this latest episode of The New Stack Makers podcast, host Alex Williams discusses the status of compliance and security now that containers are becoming such a core part of open infrastructure. He is joined by VMware’s Hohndel and Andrew Wilson, a long-time chief open source compliance officer at Intel.