VULNERABILITY MANAGEMENT IN THE AGE OF CONTAINERS – A REVIEW

Authors

  • Gaurav Jaisinghani, Manager of Security Engineering, Sunnyvale, California, US

Keywords:

Cybersecurity, Cyberattack, Software, CICD, CVE, NVD

Abstract

While the concept of containerization has existed for a few decades, the use of application containers skyrocketed with the introduction of Docker. Containers facilitate a microservice-based architecture that makes software projects extremely scalable and modular. Kubernetes is a container orchestration tool that makes container deployment, scaling and load balancing effortless. While these technologies greatly reduce operational overhead, they also bring to the fore additional security challenges that make Vulnerability Management ever more important. A successful cybersecurity program at any organization will address image scanning at various stages in the product deployment pipeline. Regardless of an organization's size, maturity and risk appetite, there are some approaches, or a combination thereof, that can be leveraged to effectively manage risk. The purpose of this paper is to explore the different paradigms of image scanning and provide context for organizations to make informed decisions.



Published

2022-11-03

How to Cite

VULNERABILITY MANAGEMENT IN THE AGE OF CONTAINERS – A REVIEW. (2022). INTERNATIONAL JOURNAL OF INFORMATION SECURITY (IJIS), 1(1), 1-5. https://lib-index.com/index.php/IJIS/article/view/IJIS_1_01_001