Securing Docker containers beyond traditional .deb packages


Last week I joined Mark Shuttleworth at the FinOS conference where he launched our new “Everything LTS” approach to secure Docker containers for enterprises for up to 12 years:

The idea is that customers will engage Canonical to design a Docker image of an open source application, or a base image that includes all of the open source dependencies needed to host their proprietary app. They get hardened distroless container images with a minimal attack surface (no shell, package manager or other tooling beyond what the application needs at runtime) and 12+ years of CVE maintenance. The images use the Open Container Initiative (OCI) image format, so they run natively on Ubuntu as well as on public cloud Kubernetes (K8s), and Canonical will support these custom-built images on all of those platforms.
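To make "distroless" concrete, here is an added example of a multi-stage build that produces such an image. It is not Canonical's tooling and not one of the images described above: the build stage compiles a statically linked Go binary in a full toolchain image, and the final stage copies only that binary (plus root CA certificates) onto an empty `scratch` base, so the runtime image contains no shell, package manager or libc. The source path `./cmd/app` and the output name `/app` are assumptions for illustration.

```dockerfile
# Added example (not from the original post): multi-stage build that
# produces a distroless-style runtime image.

# Stage 1: build a statically linked binary in a full toolchain image.
# The toolchain, its packages and their CVEs stay in this stage only.
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
# CGO_ENABLED=0 yields a static binary with no libc dependency, so it can
# run on a base image that ships no shared libraries at all.
# "./cmd/app" is an assumed package path for this example.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: the runtime image. "scratch" is empty: no shell, no package
# manager, no libc. A CVE scanner sees only the binary and the Go modules
# compiled into it, which is the "minimal attack surface" property.
FROM scratch
# Root CA bundle, needed only if the app makes outbound TLS connections.
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /out/app /app
# Run unprivileged. There is no /etc/passwd in scratch, so use numeric IDs.
USER 65532:65532
ENTRYPOINT ["/app"]
```

A quick check that the result really is distroless: `docker run --rm --entrypoint /bin/sh <image>` should fail because `/bin/sh` does not exist in the image, and an image scanner should report no OS packages at all, only the Go module dependencies of the binary. The trade-off is that debugging has to happen from outside the container (for example with an ephemeral debug container in Kubernetes) rather than by exec-ing a shell into it.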

You may have seen reporting on this in the media, like in ZDNet:

This relates a little to earlier posts in this forum, like:

I would be really interested to hear what approaches others in this community are currently using to address this problem and how organisations are keeping their containers secure.