Hi All,
I work for a tech start up where VM and Docker are used for development purposes.
In a security review we were discussing how Docker could pose a serious threat if developers are using uncertified images as part of trials and testing.
Trying to balance the risk against innovation is always a risk-balanced decision; however, 1 scenario which has been discussed is:
An image is downloaded containing malicious code to enable network sniffing, i.e. setting a network card outside the container, which is part of the native Windows/Linux build, to monitor/promiscuous mode, which then sends traffic to a malicious actor.
Acknowledging native end point monitoring software will detect some suspicious activity, what are the collective thoughts around securing Docker as much as reasonably practicable without stifling innovation?
Grateful as always for your contributions.
@CJM Here are a few suggestions:
https://www.ibm.com/cloud/blog/kubernetes-vs-docker
https://www.ibm.com/cloud/architecture/content/course/containers-and-docker/docker-containers/
https://www.ibm.com/docs/en/cloud-private/3.2.0?topic=images-enforcing-container-image-security
https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
https://www.stackrox.io/blog/docker-security-101/
Try these and see if they help set you on the right path with the appropriate policies.
Regards
Caute_Cautim
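
As an added example (not part of the original posts): the scenario in the question depends on how the container is started, since capturing traffic on a host interface needs the host network namespace together with NET_RAW or NET_ADMIN, or a privileged container. This Python script audits `docker inspect` JSON for those settings; the sample input and container names are constructed.

```python
import json

# Capabilities that allow packet capture or interface reconfiguration.
# NET_RAW is in Docker's default capability set, so it must be dropped explicitly.
SNIFF_CAPS = {"NET_ADMIN", "NET_RAW"}

def _caps(values):
    """Normalise capability names: upper-case, without the CAP_ prefix."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def audit_container(entry):
    """Return findings for one object from `docker inspect` output."""
    host = entry.get("HostConfig", {})
    added, dropped = _caps(host.get("CapAdd")), _caps(host.get("CapDrop"))
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    host_net = host.get("NetworkMode") == "host"
    if host_net:
        findings.append("network=host: shares the host's interfaces")
    if "ALL" in added:
        findings.append("cap-add ALL")
    for cap in sorted(SNIFF_CAPS & added):
        findings.append(f"cap-add {cap}")
    if host_net and not dropped & {"NET_RAW", "ALL"}:
        findings.append("default NET_RAW kept on the host network")
    return findings

def audit(inspect_json):
    """Map container name -> findings, for containers with at least one finding."""
    report = {}
    for entry in json.loads(inspect_json):
        findings = audit_container(entry)
        if findings:
            report[entry.get("Name", "?").lstrip("/")] = findings
    return report

# Constructed sample in the shape of `docker inspect $(docker ps -q)` output.
SAMPLE = json.dumps([
    {"Name": "/trial-image", "HostConfig": {"NetworkMode": "host",
     "Privileged": False, "CapAdd": ["NET_ADMIN"], "CapDrop": None}},
    {"Name": "/web", "HostConfig": {"NetworkMode": "bridge",
     "Privileged": False, "CapAdd": None, "CapDrop": ["ALL"]}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Containers started on the default bridge network with `--cap-drop ALL` and no `--privileged` produce no findings, which is a reasonable baseline for trial images.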