To scan or not to scan?

Should you scan the container images for vulnerabilities? If that question may have crossed your mind or, worse yet, if that question didn’t even pop up in the discussions to secure your containerized applications in production, all you have to do is look at the...

Challenges in securing containers — Part II

In the first part of this blog, I covered the need for container isolation and some of the traditional VM-specific approaches that are applied to protect containers from each other, and also the underlying kernel from the containers. In this second part of the blog, I...

Challenges in securing containers — Part I

What’s the deal with securing containers? This is the first of a two-part blog on container security and the various approaches that can be taken to isolate containers from each other, as well as to protect the kernel that is hosting the containers. In Part One, I...

True container isolation

The other day, I was chatting with one of my old buddies who works in the information security sector about containers. The conversation quickly turned into a discussion about container isolation (any wonder, when two security-minded guys are talking? :^)). As we...
Agent versus agentless

Agent versus agentless

What is an agent-based approach for monitoring and control solutions? That question came up in one of my discussions on container security solutions over two weeks ago. Though I gave my perspective and opinion while answering that question, I decided to understand...
Our first open source project!

Our first open source project!

I have a long history with open source; I first installed Linux in 1993. I can’t remember when I first contributed to an open-source project, although I believe that happened in the late 90s. As I’ve worked with various organizations over the years, I’ve looked for...