"Most Third-Party Cloud Containers Have Vulnerabilities"

Researchers at Palo Alto Networks have discovered that the vast majority of third-party code used in cloud infrastructure contains vulnerabilities and misconfigurations, which could leave organizations exposed to attack.  The researchers found that 63% of third-party code templates used to build cloud infrastructure contain insecure configurations, while 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities.  Researchers stated unvetted third-party code can introduce vulnerabilities and malware inserted on purpose by threat actors. The researchers analyzed public Terraform modules and found that over 2500 were misconfigured in encryption, logging, networking, backup and recovery, and identity and access management.  The researchers stated that teams continue to neglect DevOps security partly because of the lack of attention that is given to supply chain threats.

Infosecurity reports: "Most Third-Party Cloud Containers Have Vulnerabilities"