Adrian Mouat, Chief Scientist at Container Solutions, provides guidance and advice for developing container security policies and procedures in this O’Reilly report. Mouat addresses threats such as kernel exploits, DoS attacks, container breakouts, and poisoned images throughout the report with solutions that include defense-in-depth (using the analogy of a castle’s layered defenses) and least privilege.
Today you will find multiple Red Hat developers among the leading contributors to Docker, just as we've done in Kubernetes. We've taken our initial work on container orchestration and our experience from running OpenShift over the past 5 years and are using that to help drive capabilities in Docker, together with Docker, Inc. and other contributors.
OpenShift is built on top of Docker containers and the Kubernetes container cluster manager. OpenShift is a distribution of Kubernetes optimized for enterprise application development and deployment, used by OpenShift and Atomic Enterprise. OpenShift adds developer- and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams and applications.