New Supply Chain Visibility & Risk Research Reveals Containers Have 600+ Vulnerabilities On Average

NetRise has released a new report that explores software compositions, vulnerability risks, and non-CVE risks in different asset classes in every organization’s software supply chain. The report analyzes the scope and scale of the components and risks found across 70 of the most commonly downloaded Docker Hub container images.
Key findings from NetRise researchers include:
- After analyzing 70 randomly selected container images from 250 of Docker Hub’s most commonly downloaded images and generating a detailed SBOM, NetRise discovered that each container image had an average of 389 software components.
- NetRise found that one in eight components had no software manifest—they lacked the formal metadata typically found in manifests and details about dependencies, version numbers, or the package’s source.
- The average container had 604 known vulnerabilities in its underlying software components, and over 45% of them were 2 to 10+ years old.
- Over 4% of the 16,557 identified CVEs with a Critical or High CVSS severity rating were weaponized vulnerabilities: used by botnets to spread ransomware, exploited by threat actors, or used in known attacks.
- Containers averaged 4.8 misconfigurations each, including 146 “world writable and readable directories outside tmp,” and had overly permissive identity controls, with an average of 19.5 usernames per container.
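The two non-CVE findings above (world-writable directories outside tmp, and the number of accounts defined in an image) are cheap to check on your own images before they ship. The following is an added example written for this post, not NetRise's tooling or code from the report; it assumes the image filesystem has already been unpacked to a directory (for instance with `docker export` and `tar`), and the demo filesystem it builds is constructed sample data, not a real image.

```python
"""Audit an unpacked container root filesystem for two of the non-CVE
findings the report counts: world-readable-and-writable directories outside
tmp, and the number of usernames defined in /etc/passwd.
Hypothetical helper written for this post; not NetRise's tooling."""
import os
import stat
import tempfile

# Locations the report treats as the expected home of world-writable dirs.
TMP_PREFIXES = ("tmp", "var/tmp")


def world_writable_dirs(rootfs, allowed=TMP_PREFIXES):
    """Return rootfs-relative paths of directories that are readable and
    writable by 'other', excluding the tmp locations in `allowed`."""
    found = []
    for dirpath, dirnames, _files in os.walk(rootfs):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks in the image
            if not stat.S_ISDIR(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH and st.st_mode & stat.S_IROTH:
                rel = os.path.relpath(path, rootfs)
                if not any(rel == p or rel.startswith(p + "/") for p in allowed):
                    found.append(rel)
    return sorted(found)


def usernames(rootfs):
    """Usernames declared in <rootfs>/etc/passwd (empty list if absent)."""
    passwd = os.path.join(rootfs, "etc", "passwd")
    names = []
    try:
        with open(passwd, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                line = line.strip()
                if not line or line.startswith("#"):
                    continue
                names.append(line.split(":", 1)[0])
    except FileNotFoundError:
        pass
    return names


def audit_rootfs(rootfs):
    """Summarise both findings for one unpacked image."""
    dirs = world_writable_dirs(rootfs)
    names = usernames(rootfs)
    return {
        "world_writable_dirs": dirs,
        "misconfiguration_count": len(dirs),
        "usernames": names,
        "username_count": len(names),
    }


def build_demo_rootfs():
    """Constructed sample image filesystem (not a real image). Every
    directory gets an explicit mode so the result does not depend on umask."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    layout = [
        ("tmp", 0o1777), ("var", 0o755), ("var/tmp", 0o1777),
        ("srv", 0o755), ("srv/data", 0o777),          # finding
        ("opt", 0o755), ("opt/app", 0o755),
        ("home", 0o755), ("home/app", 0o755), ("home/app/cache", 0o777),  # finding
        ("etc", 0o755),
    ]
    for rel, mode in layout:
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)
    with open(os.path.join(root, "etc", "passwd"), "w", encoding="utf-8") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n"
                 "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                 "app:x:1000:1000::/home/app:/sbin/nologin\n")
    return root


if __name__ == "__main__":
    print(audit_rootfs(build_demo_rootfs()))
```

Run it against each unpacked image and average `misconfiguration_count` and `username_count` across the set to reproduce the report's per-container figures for your own inventory; the tmp exclusion list is an assumption and should be extended if an image legitimately uses another scratch location.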
You can read the report here.
This entry was posted on December 10, 2024 at 8:50 am and is filed under Commentary with tags NetRise. You can follow any responses to this entry through the RSS 2.0 feed.