What all Developers need to know about: Leaking version information

Posted by Yannick Mortier on July 9, 2018

— This post is part of a series of monthly blog posts about all kinds of Security topics for Developers —

Security experts, penetration testers, developers, administrators, and anyone else who creates or deploys software will often ask the question “Just how closely should I guard the version numbers of software and libraries that I use?”

Today, we are going to look at some answers to that question, and why we might choose one approach over another.


Getting Docker Security Right

Posted by Martijn van Lambalgen on July 21, 2017

I started working with Docker at TOPdesk almost a year ago. Security is an interest of mine, so I did some research. You can’t look at Docker without thinking about Microservices, although they are separate topics. It is often said that Microservices can greatly improve your security, but also that, if you do it wrong, security can actually get worse.
So, what do you need to do to improve (Docker) security, rather than get rid of it? For most security concerns there is already a good solution, although not all of them are widely adopted. Let’s have a look at our concerns and how we take care of them.
