"87 Percent of Container Images Have High-Risk Vulnerabilities"

According to a new report from Sysdig, security teams are facing a large number of container vulnerabilities due to the nature of modern software design and the sharing of open-source images. Based on real-world data sets encompassing billions of containers, thousands of cloud accounts, and hundreds of thousands of applications, 87 percent of container images have high or critical vulnerabilities. On a positive note, only 15 percent of critical and high vulnerabilities with available fixes are present in packages loaded at runtime. By focusing on vulnerable packages that are actually in use, teams can focus their efforts on a smaller number of the fixable vulnerabilities that pose a genuine threat. In addition, the analysis indicates that 90 percent of permissions are not used. In a cloud environment, attackers with compromised credentials for identities with privileged access or excessive permissions hold the keys to the kingdom. This article continues to discuss key findings from the new Sysdig report on cloud-native security and usage. 

BetaNews reports "87 Percent of Container Images Have High-Risk Vulnerabilities"