In my previous article on Docker Security, I wrote that containers do not contain. In this second part, I cover the security features that have been added to Docker to attempt to control processes within a container.
This article is based on a talk I gave at DockerCon this year. It will discuss Docker container security, where we are currently, and where we are headed. This is part of a series on Docker security; read part two.
At this point, I have more usernames and passwords to juggle than any person should ever have to deal with. I know I'm not alone, either. We have a surfeit of passwords to manage, and we need a good way to manage them so we have easy access without doing something silly like writing them down where...
The Open Web Application Security Project (OWASP) is a not-for-profit charitable organization focused on improving software security. OWASP works on the principles of open source software, particularly the idea that the community is the force of creation and contribution. The unique aspect here is...
It’s been a while since I started to talk to people in the financial services ecosystem about our approach towards open source. At first, most of them, thinking we were either bold, ahead of our time, or mad, would listen to our story but would not really comment: "Let’s see where it goes" or "good...
The United States energy grid is composed of many moving and non-moving cyber security assets that all have to, to some degree, speak the same language. The language of machine-to-machine communications has become big business lately; however, devices that control how the power gets from the plant...
With all the benefits of open source, improper management of its use may result in substantial legal, business, and technical risks. Most research and design managers know that they have to manage open source licenses, but not many are monitoring for security vulnerabilities and other bugs in open...
When Edward Snowden leaked intelligence files, a storm was triggered in the cloud, leaving a path of destruction. Snowden’s email provider Lavabit shut down. So has the email offering of Silent Circle. The Guardian ran a story declaring: Lavabit’s closure marks the death of secure cloud computing...
Running students' submitted programs is a security challenge for any university Computer Science department. When Harvard University contacted me about some work they are doing with the "sandbox" tool on Fedora 17, we decided it would be a great opportunity to see how they could get more out of it...
Meet David A. Wheeler. He's a Research Staff Member for the Institute for Defense Analyses (IDA) and a well-known speaker, author, and expert on open source software and security. He helped develop the Department of Defense's open source software policy and FAQ and has written other guidance...