
Docker mulls scanning software for known security vulnerabilities


May 11, 2016

Docker appears to be developing a concept that other platforms could well adopt: scanning software components for publicly known security vulnerabilities before they are deployed.

The software container firm will announce Docker Security Scanning (DSS), which scours private repositories in Docker Cloud for recognized security issues and alerts developers if any are found.

The feature will be extended to Docker Datacenter customers later in the fall.

Specifically, this opt-in service scans a Docker image when it is pushed to Docker Cloud and programmatically builds a bill of materials (BOM) of the image's software components.

It then checks the BOM against a set of vulnerability databases, including the U.S. government-backed National Vulnerability Database (NVD).

If a library or other dependency in the image is known to contain exploitable flaws, an alert is raised, and the image's developers can step in to fix the problem, ideally by selecting a corrected version to include in the image.
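The three steps just described (extract a bill of materials from the image, match it against a vulnerability feed, raise an alert that can gate deployment) are easy to sketch in code. The following is an added illustration written for this page, not Docker's own scanner: it parses a constructed fragment of a Debian package database as one would read it out of an image layer, compares installed versions against a constructed vulnerability list (the CVE identifiers are placeholders, not real advisories), and returns a promote/block verdict. The version comparison is a simplified dpkg-style ordering and the field names in the feed are assumptions.

```python
"""Toy scan-on-push pipeline: image package list -> BOM -> vulnerability
match -> deploy gate. Added example, not Docker Security Scanning code."""
from dataclasses import dataclass
import re

# Constructed sample in the style of /var/lib/dpkg/status inside an image.
# Package versions are invented for the example.
SAMPLE_DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.0.1e-2

Package: libxml2
Status: install ok installed
Version: 2.9.1+dfsg1-5

Package: zlib1g
Status: install ok installed
Version: 1:1.2.8.dfsg-2
"""

# Constructed feed in the shape of NVD-derived records: affected product,
# first fixed version, severity. The ids are placeholders, not real CVEs.
SAMPLE_VULN_DB = [
    {"id": "CVE-0000-0001", "product": "openssl", "fixed_in": "1.0.1g-1", "severity": "HIGH"},
    {"id": "CVE-0000-0002", "product": "libxml2", "fixed_in": "2.9.1+dfsg1-4", "severity": "MEDIUM"},
]


@dataclass
class Component:
    name: str
    version: str


def build_bom(dpkg_status: str) -> list:
    """Step 1: turn the image's package database into a bill of materials."""
    bom = []
    for stanza in dpkg_status.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith("installed"):
            bom.append(Component(fields["Package"], fields["Version"]))
    return bom


def _version_key(v: str) -> list:
    """Simplified dpkg ordering: epoch first, then alternating numeric and
    non-numeric runs (numbers compared as integers, text lexicographically).
    Real dpkg has extra rules, e.g. for '~', which this toy omits."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    key = [int(epoch)]
    for part in re.findall(r"\d+|[^\d]+", rest):
        key.append((0, int(part)) if part.isdigit() else (1, part))
    return key


def version_less(a: str, b: str) -> bool:
    return _version_key(a) < _version_key(b)


def scan(bom: list, vuln_db: list) -> list:
    """Step 2: a component is affected when its installed version is older
    than the first fixed version recorded in the feed."""
    findings = []
    for comp in bom:
        for vuln in vuln_db:
            if vuln["product"] == comp.name and version_less(comp.version, vuln["fixed_in"]):
                findings.append({"id": vuln["id"], "package": comp.name,
                                 "installed": comp.version, "fixed_in": vuln["fixed_in"],
                                 "severity": vuln["severity"]})
    return findings


def gate(findings: list, block_at=("HIGH", "CRITICAL")) -> bool:
    """Step 3: True if the image may be promoted to production; a registry
    hook would call this on push and refuse the deploy on False."""
    return not any(f["severity"] in block_at for f in findings)


if __name__ == "__main__":
    bom = build_bom(SAMPLE_DPKG_STATUS)
    results = scan(bom, SAMPLE_VULN_DB)
    for f in results:
        print(f"{f['severity']:8} {f['id']} {f['package']} {f['installed']} (fixed in {f['fixed_in']})")
    print("promote" if gate(results) else "block")
```

Note the libxml2 entry: its installed revision (-5) is newer than the fix (-4), so a correct comparator must not flag it. Naive string comparison would get this right by accident here but fail on, for example, 1.0.10 versus 1.0.9, which is why the ordering is segment-wise and numeric.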

At present, Docker Security Scanning examines operating-system components, application-level libraries, programming-language modules and the like.

It cannot find bugs in developers' own code, but it can still stop them from pulling in insecure dependencies when patched versions exist.

Nathan McCauley, director of security at Docker, told us that he wanted to make patching as easy as possible for all Docker users and to be able to update a dependency in an application even if it's an important or critical security patch.

With the vulnerability scanner enabled, the hope is that known vulnerable code can be blocked before it is deployed, minimizing security issues down the line.

It is a sound idea that could be extended to other platforms. "I want the entire Docker ecosystem to have the tooling to ensure its users are secure," asserted McCauley.

"One of the most important elements in a secure software supply chain is making sure that you are on top of patching. In some organizations, updating is a hard process and really difficult. I saw an opportunity with Docker to improve this process. Docker presents a window of opportunity in which we can make things dramatically better and I felt it was worth doing," he added.

The concept is simple: scan signed images as developers push them to a registry. If they pass the scans, IT personnel can deploy the images to production systems as containers.

This technology was previously known as Project Nautilus, which was first shown at DockerCon Europe in Spain in November 2015.

In a statement, Docker explains: "Docker Security Scanning is available today to Docker Cloud users with a private repo plan, expanding to include all Docker Cloud repo users by the end of Q3 2016. Pricing begins at $2 per repo as an add-on service for private repo plans. Docker Security Scanning will also be available as an integrated feature in Docker Datacenter during the second half of 2016."

Source: Docker.
