Black Hat Sneak Preview: New Vulnerabilities Exposed in Docker Hub

Community ecosystems with vibrant member support have been the catalyst for faster innovation and shorter software development lifecycles in DevOps. Whether it is downloading code or contributing back to the community, organizations today rely heavily on open source software to drive their business. In fact, modern application development is more about assembling existing packages than writing new code. Developing new code takes time, and in the high-velocity world of DevOps it is much easier and faster to download open source software and frameworks to get up and running quickly. As the adage goes, it is better to “stand on the shoulders of giants” than to “reinvent the wheel.” But this creates tremendous security blind spots if security professionals are not working closely with their DevOps counterparts. According to a study conducted by Sonatype, 20 percent of organizations reported suspected or confirmed breaches related to open source components, a 50 percent increase since 2014. In addition, a staggering 50 percent of organizations are not satisfied with their ability to understand known security vulnerabilities in open source components. Security needs to be embedded early in the software development lifecycle (SDLC) in a non-intrusive way that avoids slowing...