As container adoption via platforms such as Docker grows, who will keep containers free of security vulnerabilities? That's the quandary Red Hat (RHT) and Black Duck hope to solve through a partnership that focuses on security for open source containers.

Christopher Tozzi, Contributing Editor

October 21, 2015

2 Min Read
Red Hat and Black Duck Partner on Open Source Container Security

As container adoption via platforms such as Docker grows, who will keep containers free of security vulnerabilities? That’s the quandary Red Hat (RHT) and Black Duck hope to solve through a partnership that focuses on security for open source containers.

Security issues in the container market are a real concern. A study by BanyanOps found this year that 30 percent of the images in the official Docker repository contain “high priority security vulnerabilities.” That risk is not lost on executives or IT admins, who cited security problems as a leading obstacle to container adoption in a survey Red Hat conducted this summer.

On Oct. 21, Red Hat and Black Duck announced a collaboration to screen containerized apps for security vulnerabilities and certify them to be free of risks. The offering will be based on Black Duck Hub, a service for scanning containers for security vulnerabilities, in combination with Red Hat’s OpenShift PaaS platform.

The companies also say that they “plan to include Black Duck technologies as a set of complementary services within Red Hat’s current container certification workflow for application builders such as Independent Software Vendors (ISVs).” That effort will be part of Red Hat’s comprehensive enterprise-focused container certification strategy, which it introduced in spring 2015.

Both companies see this move as a way to speed enterprise adoption of containers, especially those based on Linux and open source technologies. “A significant part of an enterprise-ready container strategy is the ability to trust the code across the entire lifecycle of a containerized application, from development to management,” said Lars Herrmann, general manager, Integrated Solutions at Red Hat. “This collaboration demonstrates Red Hat’s continued commitment to delivering not only Linux container-based innovation, but also the tools and ecosystem to help enterprises adopt containerized applications that are secure, certified and supported.”

Black Duck CEO Lou Shipley added, “Container technology is another breakthrough in the constant drive to increase development agility and get products to market more quickly. Speed and agility are key drivers for container adoption in the enterprise, but not at the expense of security. The Black Duck-Red Hat collaboration is rooted in the collective value that we deliver from an open source perspective, by helping to make containers safe for enterprise use.”

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like