July 13, 2018

IDG Contributor Network: Deep container inspection: What the Docker Hub Miner virus and XcodeGhost breach can teach about containers

The concepts of trust and security are different, but often conflated. The distinction is as nuanced as the one between threats and vulnerabilities, but I’ll save that for another day. The difference between trust and security was highlighted recently when it was discovered that there had been more than 5 million downloads of a cryptocurrency miner virus from Docker Hub. A few years back, the XcodeGhost malware infected 39 iOS apps, including WeChat and something I use personally, CamScanner. This impacted hundreds of millions of users. These two incidents highlight a serious security problem—to feel confident in your software supply chain, you have to do both of the following:
