Team CryptoInsightfull 
A team of UWE Bristol researchers have conducted a major new study into the evolving security landscape of modern cloud infrastructures. The study, recently published in the Computers and Security journal, investigates container security for over 400 applications and services over a 9-month period, to assess what the security vulnerabilities of these services are, and the frequency of when these vulnerabilities are resolved. The findings show many cases where vulnerabilities remain persistent even when updated versions of the application are released. However, we also investigate the real-world nature of these vulnerabilities, to assess the true risk of utilising these services in both local and remote settings, recognising that whilst some security scans may highlight a vulnerability, the vulnerability can not actually be exploited given the use case of the application.
Alan Mills, lead author of the study says “Container security is a growing area of concern, with the increasing use of micro-services we need to ensure that cyber security keeps pace, while avoiding common pit falls around vulnerability assessment. By assessing container security over an extended time-period and analysing our results from multiple areas, all with a focus on real world risk, we present findings which inform further academic studies and industry-based decision making.”
The study was conducted in collaboration with Jonathan White and Professor Phil Legg. Alan is currently a Lecturer in Cyber Security studying for a part-time DPhil on the topic of container and cloud security.
The paper, Longitudinal risk-based security assessment of docker software container images, is now available as Open Access from the Computers and Security journal.
