• MajorHavoc
    4 hours ago

    Oof. I’m anxious that folks are going to get the wrong idea here.

    While OCI does provide security benefits, it is not a part of a healthy security architecture.

    If you see containers advertised on a security architecture diagram, be alarmed.

    If a malicious user gets terminal access inside a container, it is nice that there’s a decent chance that they won’t get further.

    But OCI was not designed to prevent malicious actors from escaping containers.

    It is not safe to assume that a malicious actor inside a container will be unable to break out.

    Don’t get me wrong, your point stands: Security loves it when we use containers.

    I just wish folks would stop treating containers as “load bearing” in their security plans.
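A practical way to act on the point above is to audit the settings that decide how thin the container boundary actually is. The script below is an added example, not code from the commenter or from any OCI project; it assumes the JSON shape printed by `docker inspect <container>` (the `Name` and `HostConfig` keys) and runs entirely on a constructed sample, flagging the runtime options that remove the little isolation a container does give (privileged mode, host namespaces, `SYS_ADMIN`, disabled seccomp/AppArmor, a mounted Docker socket, a writable root filesystem, missing `no-new-privileges`). Passing the audit does not make the container a security boundary; failing it means the container is not even the weak one the commenter describes.

```python
"""Audit container runtime settings that weaken OCI isolation.

Added example (not from the original post). Input is the JSON that
`docker inspect` prints; the SAMPLE below is constructed inline so the
audit runs offline.
"""
import json

DOCKER_SOCKET = "/var/run/docker.sock"  # mounting this hands the host's daemon to the container


def _list(host_config, key):
    """docker inspect emits null (not []) for unset list fields."""
    return host_config.get(key) or []


def _security_opt(host_config, prefix):
    return any(opt.startswith(prefix) for opt in _list(host_config, "SecurityOpt"))


# (finding name, predicate over the HostConfig dict). Order defines report order.
CHECKS = [
    ("privileged", lambda hc: bool(hc.get("Privileged"))),
    ("host_pid_namespace", lambda hc: hc.get("PidMode") == "host"),
    ("host_network_namespace", lambda hc: hc.get("NetworkMode") == "host"),
    ("cap_sys_admin", lambda hc: "SYS_ADMIN" in _list(hc, "CapAdd")),
    ("seccomp_disabled", lambda hc: _security_opt(hc, "seccomp=unconfined")),
    ("apparmor_disabled", lambda hc: _security_opt(hc, "apparmor=unconfined")),
    ("docker_socket_mounted",
     lambda hc: any(b.split(":")[0] == DOCKER_SOCKET for b in _list(hc, "Binds"))),
    ("writable_rootfs", lambda hc: not hc.get("ReadonlyRootfs", False)),
    ("no_new_privileges_missing", lambda hc: not _security_opt(hc, "no-new-privileges")),
]


def audit_host_config(host_config):
    """Return the names of every weakening setting present in one HostConfig."""
    return [name for name, predicate in CHECKS if predicate(host_config)]


def audit_inspect_json(text):
    """Map container name -> findings for a whole `docker inspect` JSON array."""
    containers = json.loads(text)
    return {
        c.get("Name", "?").lstrip("/"): audit_host_config(c.get("HostConfig", {}))
        for c in containers
    }


# Constructed sample: one container run the convenient way, one hardened.
SAMPLE = json.dumps([
    {
        "Name": "/weak-app",
        "HostConfig": {
            "Privileged": True,
            "PidMode": "host",
            "NetworkMode": "bridge",
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "SecurityOpt": ["seccomp=unconfined"],
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
            "ReadonlyRootfs": False,
        },
    },
    {
        "Name": "/hardened-app",
        "HostConfig": {
            "Privileged": False,
            "PidMode": "",
            "NetworkMode": "bridge",
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "SecurityOpt": ["no-new-privileges:true"],
            "Binds": None,
            "ReadonlyRootfs": True,
        },
    },
])

if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE).items():
        status = "OK" if not findings else "WEAKENED: " + ", ".join(findings)
        print(f"{name}: {status}")
```

On a real host, pipe `docker inspect $(docker ps -q)` into `audit_inspect_json`; any non-empty findings list is a container whose boundary has been opened up beyond the OCI default, and `docker_socket_mounted` or `privileged` in particular means the container is effectively the host.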