87 percent of container images have high risk vulnerabilities

No Comments

Due to the nature of modern software design and the sharing of open source images, security teams face a large number of container vulnerabilities according to a new report.

The study from Sysdig, based on real-world data sets covering billions of containers, thousands of cloud accounts, and hundreds of thousands of applications, finds 87 percent of container images have high or critical vulnerabilities.

On a slightly more positive note only 15 percent of critical and high vulnerabilities with an available fix are in packages loaded at runtime. This means that by focusing on those vulnerable packages that are actually in use, teams can target their efforts at a smaller fraction of the fixable vulnerabilities that represent true risk.

Data from the report also shows that 90 percent of permissions are unused. If attackers compromise credentials from identities with privileged access or excessive permissions, they have the keys to the kingdom in a cloud environment.

In addition 59 percent of containers have no CPU limits defined, and 69 percent of requested CPU resources go unused. Also 72 percent of containers live for less than five minutes which makes gathering troubleshooting information after a container is gone almost impossible, the life of a container got shorter this year by 28 percent too.

"Looking back at last year's report, container adoption continues to mature, which is evident by the decrease in container life spans. However, misconfigurations and vulnerabilities continue to plague cloud environments, and supply chains are amplifying how security problems manifest. Permissions management, for users and services alike, is another area I’d love to see people get stricter about," says Michael Isbitski, director of cybersecurity strategy at Sysdig. "This year's report shows great growth and also outlines best practices that I hope teams adopt by the 2024 report, such as looking at in-use exposure to understand real risk, and to prioritize the remediation of vulnerabilities that are truly impactful."

The full report is available from the Sysdig site.

Image credit: billiondigital/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Ransomware, meet DRaaS: The future of disaster mitigation

Get 'Modern DevOps Practices -- Second Edition' (worth $39.99) for FREE

Number of ransomware victims up 20 percent in first quarter of 2024

Low-code tools boost developer productivity

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

The next Bitcoin halving is imminent and price volatility is likely

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

60 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.