Dark Matters: The Security Abyss of Distroless Containers

Explore the hidden vulnerabilities and security challenges of distroless containers in this 25-minute conference talk from Ubuntu Summit 2023. Delve into the findings of Rezilion Research's 2023 report on undetected vulnerabilities in popular open source containers. Learn about potential mitigation strategies, including the implementation of Software Bill of Materials (SBOM) and the use of build tools like Chisel. Discover how Chisel combines the advantages of both distro and distroless approaches to create secure, stable, and ultra-small chiselled Ubuntu containers while maintaining a smooth development experience. Gain insights into comprehensive software transparency and the importance of addressing hidden security risks in container design.

Dark matters: the security abyss of distroless containers