Hacker News new | comments | show | ask | jobs | submit login

You have an SSL vulnerability, you need to patch the docker image, just like you'd have to patch a linux system.

Now you say something of substance!

Docker hosts pre-built images that have known exploits in them. They also bundle insecure versions of libraries with their software: https://github.com/docker/compose/issues/1601

I think the problem here is that people seem to assume that "application isolation" is synonymous with "security isolation." Your statement is true, the vulnerabilities are the same, but people don't seem to get that there is no "security story" for containers in the first place. That isn't their job.

Isn't one of the claims that if you patch the main OS (without changing the libraries..just patch like you would normally) with a new base image, that with the dockerfile you could re-setup the application in a matter of minutes?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact