We need to get serious about container compliance and security, urges VMware’s Chief Open Source Officer Dirk Hohndel in a recent episode of The New Stack Makers podcast.
In a conversation with host Alex Williams and fellow guest Andrew Wilson, former Chief Open Source Compliance Officer at Intel, Dirk makes the case for pushing back against DevOps practices that historically prioritized speed and efficiency over long-term sustainability.
Today’s container infrastructure, he observes, “is based on the assumption that you download binaries from Docker Hub, then possibly add layers on top of them and run them in your production environment—and there is very little in this infrastructure that helps you identify what is the actual content of those binaries.”
The trio discusses what that means for container compliance and security, what we should be doing differently to create containers that are traceable and trustworthy, and whose responsibility it is to come up with a solution.
While neither the challenge nor the potential fixes are simple, Dirk and Andrew agree that a solution is within reach. We can look to the early years of the open source movement for both ideas and inspiration, and to VMware’s success in ensuring container compliance and security in vSphere.
Part of the problem stems from the business models under which containers have been developed so far, Dirk suggests. Perhaps there’s an entrepreneurial solution to be had here.
To hear Dirk’s pitch for container security as a business opportunity, along with his and Andrew’s thoughts on how blockchain, regulation, and best maintenance practices all add to the mix, check out the full podcast.