Docker Brings Secure Hardened Images Catalog to Small Businesses at Lower Cost

johny899

Did you catch the news from Docker? Their Hardened Images Catalog is now cheaper and more accessible for small businesses, meaning small companies can now have enterprise-secure container images without the huge cost of technology. This is terrific!

As someone who has been using Docker for years, I think this is a great advancement for developers like us who want better security at a low cost because of a lack of company dollars. Let's discuss what this really means for us and why it's important to us now.

What are Hardened Images?

A hardened image is a tighter, cleaner, and safer version of your more common Docker images (Debian, Alpine, and so on). Docker is removing unnecessary components, fixing known bugs, and keeping these images up to date. The intent is to remove security risk.

Here’s what makes them unique:

• Smaller and safer – Up to 95% less attack surface by stripping out extra functionality.

• Fast fixes – Docker promises to fix security issues in 7 days.

• Easier to work with – Depending on your use case, you change one line in your Dockerfile.

• Proven secure – Security standards are reviewed and validated by independent experts.

These images can also work with VEX (Vulnerability Exploitability eXchange), which helps you focus on the risks that are actually important.

Why This Matters for Small Business

Until now, only larger organizations had funding for this level of security. Smaller teams used to have to forge and build their own secure images, which takes substantially longer and is harder.

With Docker on the scene, it has simplified the following:

• You have access without limitations to all hardened images.

• Images can now be cross-referenced to something called VEX (Vulnerability Exploitability eXchange), which allows you to only worry about real threats that are commercially significant.

What You Can Use It For

Docker’s catalogue consists of images for things like:

• AI and machine learning

• Programming languages, like Python

• Databases like PostgreSQL

• Infrastructure tools, like Kafka

• Even FedRAMP-ready editions for companies that require strict security monitoring

Switching to these is easy - just change your base image line and off you go.

Just a couple things to keep in mind...

No security tool is foolproof. A few things to keep in mind:

  • Fresh bugs (often referred to as zero-days) can always make an appearance.
  • A patch time of 7 days is considered quick — but not immediate.
  • You should always test your new patches before overwriting your old images.
That all being said, it's a large step forward for small teams who desire safer software without significant overhead.

My Personal Opinion

I remember spending days remediating Docker images which included security-based warnings. It was painful and boring. If I had a Hardened Images Catalog back then, it would have saved me countless hours.

It feels as though Docker is trying to help out the "little guy" — the small dev team which does not have someone dedicated to security full time. Making strong security an affordable, compliant, and simple process (maybe a new idea as well).
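
The VEX filtering mentioned in the post, as an added example that is not part of the original post and not Docker's own tooling: it applies OpenVEX-style statements to a list of scanner findings so that only findings without an explicit "not_affected" or "fixed" statement stay on the to-do list. The CVE ids, package URLs and findings are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample data: placeholder CVE ids and package URLs, not real ones.
VEX_DOC = {
    "statements": [
        {"vulnerability": {"name": "CVE-0000-0001"},
         "products": [{"@id": "pkg:oci/example-python"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_present"},
        {"vulnerability": {"name": "CVE-0000-0002"},
         "products": [{"@id": "pkg:oci/example-python"}],
         "status": "fixed"},
        {"vulnerability": {"name": "CVE-0000-0003"},
         "products": [{"@id": "pkg:oci/example-python"}],
         "status": "under_investigation"},
    ]
}

FINDINGS = [  # constructed scanner output
    {"cve": "CVE-0000-0001", "product": "pkg:oci/example-python", "severity": "HIGH"},
    {"cve": "CVE-0000-0002", "product": "pkg:oci/example-python", "severity": "CRITICAL"},
    {"cve": "CVE-0000-0003", "product": "pkg:oci/example-python", "severity": "MEDIUM"},
    {"cve": "CVE-0000-0004", "product": "pkg:oci/example-python", "severity": "LOW"},
    {"cve": "CVE-0000-0001", "product": "pkg:oci/other-image", "severity": "HIGH"},
]

# Only these statuses justify hiding a finding from the to-do list.
SUPPRESS = {"not_affected", "fixed"}

def index_vex(doc):
    """Map (cve, product) -> status. Assumption: a later statement overrides."""
    idx = {}
    for st in doc.get("statements", []):
        cve = st["vulnerability"]["name"]
        for prod in st.get("products", []):
            idx[(cve, prod["@id"])] = st["status"]
    return idx

def triage(findings, doc):
    """Split findings into (actionable, suppressed) by VEX status."""
    idx = index_vex(doc)
    actionable, suppressed = [], []
    for f in findings:
        status = idx.get((f["cve"], f["product"]))
        # No statement, or under_investigation, keeps the finding visible.
        # A statement for one product never suppresses the CVE on another.
        bucket = suppressed if status in SUPPRESS else actionable
        bucket.append({**f, "vex": status})
    return actionable, suppressed

if __name__ == "__main__":
    todo, hidden = triage(FINDINGS, VEX_DOC)
    for f in todo:
        print("ACTION", f["cve"], f["product"], f["severity"], f["vex"])
```

The suppressed list is worth keeping in the report rather than discarding, so a reviewer can see which statement justified hiding each finding.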