Understanding Container Security Challenges: Insights from Developers and BellSoft Survey

Addressing the Challenges of Container Security in Software Development



As digital transformation accelerates, container security issues are becoming increasingly prominent for software developers across the globe. A recent survey conducted by BellSoft, an OpenJDK vendor, sheds light on the security challenges developers face in the container ecosystem.

Key Takeaways from the Survey



BellSoft's survey, shared at the Devoxx 2025 conference, included the responses of 427 developers who provided firsthand insights into their container security practices. The findings revealed that, despite significant advancements in container technology, fundamental questions about security protocols remain unresolved.

The Growing Frequency of Container Security Incidents



A striking 23% of the respondents reported experiencing at least one security incident related to containers. The statistic highlights that, while detection mechanisms may have improved, the real hurdle is the time between the disclosure of a security issue and its remediation. During this window, which can last for weeks or even months, organizations remain exposed to known risks.

Human Error as a Major Contributor



The survey pinpointed human error as a critical factor in container-related security breaches, with 62% of developers acknowledging it as the leading issue. The results showed that developers primarily relied on essential tools for building and managing container images. Tools such as shells (used by 54%) and package managers (used by 39%) emerged as fundamental yet potentially hazardous components. Package managers, in particular, enlarge the attack surface because they make it easy to install unnecessary tools at runtime, which carries the risk of vulnerabilities into live environments. The survey suggests that adopting hardened minimal runtime images could counteract these vulnerabilities, striking a balance between security and development demands.

Overuse of General-Purpose Linux Distributions



Moreover, 55% of respondents preferred using general-purpose Linux distributions, like Ubuntu or Red Hat systems, which come pre-equipped with numerous packages that often go unused in their applications. This redundancy not only contributes to a larger attack surface but also complicates patch management when new vulnerabilities arise. As a result, security teams often face daunting challenges in assessing the impact across potentially thousands of instances, increasing operational complexities.

Basic Security Approaches



Among the security mechanisms employed, 45% used trusted registries, while 43% conducted vulnerability scanning. These approaches indicate a reactive stance whereby developers are consistently responding to newly identified vulnerabilities. Alarmingly, the survey also revealed that while 31% of developers update their container images with every release, the remainder update them less frequently, thereby risking the integrity of their applications.

A Strategy for Improvement



Amid these pressing challenges, developers expressed a desire for better tools. A notable 48% agreed that pre-hardened, security-focused base images would greatly enhance their ability to secure containers. Such images could mitigate exposure to vulnerabilities and reduce operational costs, ultimately leading to more efficient application development processes.

Alex Belokrylov, CEO of BellSoft, encapsulated the survey's essence, stating, "Teams want security, efficiency, and simplicity, but their strategies often create obstacles to achieving these goals." The concept of adopting hardened images aims to alleviate this operational burden by transferring much of the security responsibility onto the image vendors.

Conclusion



In conclusion, while developers navigate the intricate landscape of container security, the insights gleaned from BellSoft's survey signal a collective need for enhanced security frameworks. Embracing hardened images not only promises a more efficient and secure environment but also fosters a culture of proactive risk management within software development practices. For those seeking to delve deeper into the findings, the complete 2025 State of Container Security report from BellSoft is available for further exploration.
