Source in German: https://heise.de/-4785175
Link to study (English): https://arxiv.org/pdf/2006.02932.pdf
Study: 80% of certified Docker images have severe security vulnerabilities
A detailed investigation of 2,500 Docker images hosted on Docker Hub revealed some hair-raising security deficiencies. Of all categories, the certified images proved to be the worst: a study by Norwegian scientists showed that 82 percent of them contained at least one serious or even critical vulnerability.
The most exposed are the so-called community images; 8 of the 10 entries in the top 10 most vulnerable images belong to this category. Only 18 percent of all images were found to be free of security problems.
Quality in stages
Docker is free software for running applications in isolated containers. The Docker Hub online service hosts around 3.5 million Docker images, making it the largest repository for container images. These are divided into four categories: Community, Verified, Certified and Official. Anyone can publish community images; for Verified, the publisher must be registered with the Docker Technology Partner Program.
Certified means that the images follow certain best practices and pass automated baseline tests. Only for the Official status does a Docker team explicitly check the images for security problems. This apparently pays off, because the researchers found the fewest serious vulnerabilities in this category. But even there, the figure was still 46 percent. This strongly suggests that security-conscious Docker users should harden images after pulling them, or at least seal them off with strict access restrictions, rather than trusting the Hub label.
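The article recommends hardening but gives no concrete steps. The following Python script is an added example, not code from the heise article or from the study: it lints a Dockerfile for a handful of the habits that produce exactly this kind of vulnerable image (unpinned base image, piping a download into a shell, remote ADD, chmod 777, running as root) and builds a least-privilege `docker run` command line for the "strict access restrictions" part. Both Dockerfiles are constructed inputs; the hostname example.invalid, the uid 10001 and the wording of the findings are assumptions made for illustration. Note the caveat in the docstring: this checks the recipe, not the packages actually installed in the image, so it complements rather than replaces a CVE scanner of the kind the study used.

```python
"""Dockerfile hardening lint plus a least-privilege `docker run` builder.

Added example, not code from the heise article or the NTNU study. The
Dockerfiles below are constructed inputs; example.invalid, uid 10001 and
the finding texts are assumptions made for illustration.
"""
import re
from typing import List, Optional


def _instructions(text: str) -> List[str]:
    """Return Dockerfile instructions with comments dropped and
    backslash continuation lines joined into one instruction."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf.strip())
    return out


# "curl ... | sh" and friends: code executed without any integrity check.
_PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
# chmod 777 / 0777: world-writable files inside the image.
_WORLD_WRITABLE = re.compile(r"\bchmod\b.*\b[0-7]?777\b")


def lint_dockerfile(text: str) -> List[str]:
    """Report hardening gaps visible in a Dockerfile.

    This is not a CVE scanner: it cannot see which packages end up in the
    image, only how the image was built. Run a real scanner as well."""
    findings: List[str] = []
    last_user: Optional[str] = None
    for ins in _instructions(text):
        parts = ins.split(None, 1)
        key = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "FROM":
            tokens = [t for t in arg.split() if not t.startswith("--")]
            if not tokens:
                continue
            image = tokens[0]
            if image.lower() != "scratch" and "@sha256:" not in image:
                name = image.split("/")[-1]
                tag = name.split(":", 1)[1] if ":" in name else None
                if tag is None or tag == "latest":
                    findings.append(f"FROM {image}: base image not pinned to a tag or digest")
        elif key == "ADD":
            if re.search(r"https?://", arg):
                findings.append("ADD fetches a remote URL; use COPY or verify a checksum")
            else:
                findings.append("ADD used; prefer COPY unless archive extraction is needed")
        elif key == "RUN":
            if _PIPE_TO_SHELL.search(arg):
                findings.append("RUN pipes a downloaded script straight into a shell")
            if _WORLD_WRITABLE.search(arg):
                findings.append("RUN makes files world-writable (chmod 777)")
        elif key == "USER":
            last_user = arg.split(":")[0]
    if last_user is None or last_user in ("root", "0"):
        findings.append("no non-root USER set; processes will run as root")
    return findings


def hardened_run_args(image: str, user: str = "10001:10001", network: str = "none") -> List[str]:
    """Build a `docker run` argv that confines the container even if the
    image itself is vulnerable (all flags are standard docker CLI options)."""
    return [
        "docker", "run", "--rm",
        "--read-only",                                  # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",    # scratch space without exec
        "--cap-drop=ALL",                               # no Linux capabilities at all
        "--security-opt", "no-new-privileges:true",     # setuid binaries cannot escalate
        "--user", user,                                 # uid:gid, assumed unprivileged
        "--pids-limit", "256",                          # fork-bomb ceiling
        "--network", network,                           # isolate unless it needs the net
        image,
    ]


# Constructed inputs for illustration; example.invalid is not a real host.
WEAK_DOCKERFILE = """\
FROM ubuntu
RUN apt-get update && apt-get install -y curl \\
    && curl -sSL https://example.invalid/install.sh | sh
ADD https://example.invalid/app.tar.gz /opt/
RUN chmod -R 777 /opt
CMD ["/opt/app"]
"""

HARDENED_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates \\
    && rm -rf /var/lib/apt/lists/*
COPY app /opt/app
RUN useradd -r -u 10001 app
USER 10001
ENTRYPOINT ["/opt/app"]
"""

if __name__ == "__main__":
    for name, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"{name}: {len(lint_dockerfile(df))} finding(s)")
        for f in lint_dockerfile(df):
            print("  -", f)
    print(" ".join(hardened_run_args("ubuntu:22.04")))
```

The lint catches build-time habits; the `docker run` flags limit blast radius at run time regardless of what the image contains, which is the only defence available when, as the study found, even Official images frequently ship with known vulnerabilities.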
Translated with www.DeepL.com/Translator (free version)