Hello,
Last week I joined Mark Shuttleworth at the FinOS conference where he launched our new “Everything LTS” approach to secure Docker containers for enterprises for up to 12 years:
https://canonical.com/blog/canonical-offers-12-year-lts-for-any-open-source-docker-image
The idea is that customers will engage Canonical to design a Docker image of an open source application, or a base image that includes all of the open source dependencies needed to host their proprietary app. They get hardened distroless container images with a minimal attack surface and 12+ years of CVE maintenance. The Docker image, which uses the Open Container Initiative (OCI) standard container image format, will run natively on Ubuntu as well as on public cloud K8s. Canonical will support these custom-built images on all of those platforms.
You may have seen reporting on this in the media, like in ZDNet:
https://www.zdnet.com/article/canonicals-distroless-linux-images-are-a-game-changer-for-enterprises/
This relates a little to earlier posts in this forum, like:
I would be really interested to hear what approaches others in this community are currently using to address this problem and how organisations are keeping their containers secure.
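For readers who want to compare notes, here is the kind of build that the "distroless, minimal attack surface" description above refers to. It is an added example, not Canonical's tooling or an image from the announcement: a multi-stage Dockerfile that compiles a Go service and ships only the static binary and a CA bundle on top of an empty `scratch` base. It assumes a build context containing `go.mod`, `go.sum` and `main.go` (hypothetical names, not from the post).

```dockerfile
# syntax=docker/dockerfile:1
# Stage 1: build with the full toolchain. Nothing from this stage except
# the binary and the CA bundle reaches the final image.
FROM golang:1.22 AS build
WORKDIR /src
# go.mod / go.sum / main.go are assumed to exist in the build context.
COPY go.mod go.sum ./
RUN go mod download
COPY main.go ./
# CGO_ENABLED=0 produces a statically linked binary that needs no libc;
# -trimpath and -ldflags="-s -w" drop build paths and the symbol table.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app .

# Stage 2: run-time image with no shell, no package manager, no libc.
FROM scratch
# Only what the binary needs at run time: trust roots for outbound TLS.
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /out/app /app
# Numeric UID:GID, since there is no /etc/passwd to resolve a name;
# the kernel still enforces non-root.
USER 65532:65532
ENTRYPOINT ["/app"]
```

A quick check that the result really is distroless: `docker run --rm --entrypoint /bin/sh <image>` should fail with "no such file or directory", and `docker image history <image>` should show only the two COPY layers, the USER and the ENTRYPOINT. What this does not give you is the other half of the announcement, long-term CVE maintenance: with `scratch` the only thing to patch is your own binary and its Go modules, so an SBOM and a rebuild pipeline are what keep it current.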