Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday June 18 2017, @06:57AM   Printer-friendly
from the token-effort dept.

Submitted via IRC for TheMightyBuzzard

We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of code comes from 3rd party applications. This is why we patch up old libraries and update open source packages.

While the risks of 3rd party code are well known, the risks of using 3rd party containers are more obscure. In this article I will discuss one such risk: the introduction of 3rd party secrets; and look at examples from public registries.

To get a taste of the prevalence of such secrets, we scanned the top 1,000 most popular container images found on public registries. We were not only looking for default passwords, but mostly for less obvious examples of secrets. We selected only the latest images, from the top starred public repositories. What we found convinced us that the risk is very real, as 67% of images had at least one form of a secret.

Source: https://www.helpnetsecurity.com/2017/06/16/trust-container-images/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by Arik on Sunday June 18 2017, @08:09AM (1 child)

    by Arik (4543) on Sunday June 18 2017, @08:09AM (#527397) Journal
    Both appear to deliberately prevent the normal method of applying security patches to library code from working.

    ¿Cui buono?
    --
    If laughter is the best medicine, who are the best doctors?
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Sunday June 18 2017, @08:22AM

    by Anonymous Coward on Sunday June 18 2017, @08:22AM (#527399)

    If you can easily patch a flaw, then you can easily patch a flaw. Get what I mean?