A team of researchers from UWE Bristol has carried out a major new study into the evolving security landscape of modern cloud infrastructures. The study, recently published in the journal Computers and Security, examines container security for more than 400 applications and services over a 9-month period, to assess what security vulnerabilities these services have and how often these vulnerabilities are resolved. The results show many cases where vulnerabilities remain persistent even when updated versions of the application are released. However, we also investigate the true nature of these vulnerabilities, in order to assess the real risk of using these services in local and remote contexts, recognizing that although some security scans may highlight a vulnerability, this cannot really be exploited given the real nature of the application use case.
Alan Mills, the lead author of the study, says: “Container security is a growing area of concern, with the increasing use of microservices we need to ensure cybersecurity keeps pace, while avoiding common pitfalls around vulnerability assessment. By evaluating container security over an extended period of time and analyzing our results across multiple areas, all with a focus on real-world risks, we present results that inform other academic studies and industrial decision-making.”
The study was carried out in collaboration with Jonathan White and Professor Phil Legg. Alan is currently a lecturer in cybersecurity and studying for a part-time PhD on the topic of container and cloud security.
The paper, Longitudinal risk-based security assessment of Docker software container images, is now available open access in the journal Computers and Security.