NetRise's Latest Study Exposes Major Security Threats in Containerized Software Systems
NetRise's New Supply Chain Visibility & Risk Study
NetRise, a leader in software visibility solutions, has released its latest report titled "Supply Chain Visibility & Risk Study, Edition 2: Containers." This study reveals critical shortcomings in visibility and significant security challenges tied to software compositions in container environments.
Key Insights from the Report
Recently published findings indicate that containerized software systems represent one of the fastest-growing yet weakest links in the cybersecurity landscape. The study scrutinized the software components of 70 widely used container images from Docker Hub.
The Growing Adoption of Containers
According to Thomas Pace, CEO of NetRise, container technology is becoming increasingly popular due to its lightweight nature and ease of use in managing applications. However, as adoption rises, vulnerabilities are also becoming evident. With software supply chain attacks on the rise, understanding and mitigating risks associated with container usage is imperative for enterprises.
A report by Red Hat revealed that 67% of organizations have delayed application deployment over concerns regarding container security, while another report noted that 88% of enterprises plan to expand their use of containers in the next two years.
Complexities of Containerized Software
NetRise's researchers found that each analyzed container image contains an average of 389 software components. This complexity demands new approaches to visibility: one in eight components was not declared in any formal manifest, so scanning tools that rely on manifests cannot see them and cannot offer comprehensive analysis or risk mitigation.
The study reports an average of 604 vulnerabilities per container, 45% of which are historical, some dating back more than a decade. Moreover, 4% of the 16,557 identified Critical or High vulnerabilities have been weaponized by cybercriminals to spread ransomware.
Addressing the Risks
The report emphasizes an urgent need for organizations to move beyond assumptions of security based on blind trust. It proposes a structured approach for gaining transparency into commercial software, including containers. To achieve this, enterprises must adopt technologies that provide comprehensive visibility into their software components.
NetRise highlighted the need for detailed Software Bills of Materials (SBOMs) that enumerate third-party libraries and dependencies and surface the associated risks, both known vulnerabilities and non-CVE risks such as misconfigurations.
Moving Forward
To foster an effective response to the prevalent risks, companies must prioritize the establishment of robust security frameworks that embrace proactive software transparency. This involves equipping security operations with advanced detection capabilities and strategies for managing vulnerabilities throughout the software lifecycle.
Conclusion
NetRise’s Supply Chain Visibility & Risk Study Edition 2 highlights the pressing issues surrounding containerized software and the inadequate risk management of current practices. By addressing these vulnerabilities head-on, organizations can take concrete steps to strengthen their cybersecurity resilience in an increasingly complex digital landscape.
For more in-depth analysis, the full report can be accessed on the NetRise website.