Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images

Written by

An overwhelming majority of container images (87%) have been found to have high or critical vulnerabilities, with 90% of all granted permissions connected with containers not being used.

The claims come from a new report by unified cloud and container security firm Sysdig, who shared them with Infosecurity ahead of publication.

The new data also suggests that only 15% of all critical and high vulnerabilities with available fixes are in packages loaded at runtime. By filtering vulnerable packages in use, companies can focus their efforts on a smaller amount of the fixable vulnerabilities that represent genuine risk.

Additionally, the research document suggests that 59% of containers have no CPU limits defined, and 69% of all requested CPU resources typically remain unused, thus resulting in (often) significant overspending for companies.

Finally, Sysdig revealed that 72% of all containers live less than five minutes on average, a reduction of 28% compared to last year.

“Looking back at last year’s report, container adoption continues to mature, which is evident by the decrease in container life spans,” said Sysdig director of cybersecurity strategy Michael Isbitski.

“However, misconfigurations and vulnerabilities continue to plague cloud environments, and supply chains are amplifying how security problems manifest.”

In fact, according to the executive, this prevents organizations from gathering troubleshooting information and reinforces the need for security solutions to retain information despite the temporary nature of the cloud.

“Permissions management, for users and services alike, is another area I’d love to see people get stricter about,” Isbitski added.

The report analyzed more than seven million containers that Sysdig customers run daily. The company said it also pulled from public data sources like GitHub, Docker Hub and the Cloud Native Computing Foundation (CNCF).

Quality-wise, the anonymized data originates from container deployments across a wide range of industries and mid-market-to-large enterprise organizations. The customer data was analyzed across North and South America, Australia, the EU, the UK and Japan.

“This year’s report shows great growth and also outlines best practices that I hope teams adopt by the 2024 report, such as looking at in-use exposure to understand real risk and to prioritize the remediation of vulnerabilities that are truly impactful,” Isbitski concluded.

The Sysdig report comes months after CrowdStrike security researchers discovered a cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure.

What’s hot on Infosecurity Magazine?