bildiba | 2 years ago
Even more so if said containers contain Trojans. Bit more secure than running directly, but if the container is broken out of, attacker directly gets root.

mmh0000|2 years ago
Adding to the parent's point. The docker hub is full of malware images and the docker devs could not care less. 1. 2. 3.
1. https://www.bleepingcomputer.com/news/security/docker-hub-re...
2. https://sysdig.com/blog/analysis-of-supply-chain-attacks-thr...
3. https://www.bleepingcomputer.com/news/security/thousands-of-...

heresie-dabord|2 years ago
It's often the case with software "repositories". Pypi, npm, Maven... Security is expensive.
An organisation needs money, on-staff security professionals, and (of course) lawyers to explicitly commit to maintaining a package system.
Even MAAMAN (was FAANG) app stores have been exploited.
FYI your second link is broken or dead.