Red Hat and Black Duck Partner on Open Source Container Security

Written by Christopher Tozzi
October 21, 2015

As container adoption via platforms such as Docker grows, who will keep containers free of security vulnerabilities? That's the quandary Red Hat (RHT) and Black Duck hope to solve through a partnership that focuses on security for open source containers.

As container adoption via platforms such as Docker grows, who will keep containers free of security vulnerabilities? That’s the quandary Red Hat (RHT) and Black Duck hope to solve through a partnership that focuses on security for open source containers.

Security issues in the container market are a real concern. A study by BanyanOps found this year that 30 percent of the images in the official Docker repository contain “high priority security vulnerabilities.” That risk is not lost on executives or IT admins, who cited security problems as a leading obstacle to container adoption in a survey Red Hat conducted this summer.

On Oct. 21, Red Hat and Black Duck announced a collaboration to screen containerized apps for security vulnerabilities and certify them to be free of risks. The offering will be based on Black Duck Hub, a service for scanning containers for security vulnerabilities, in combination with Red Hat’s OpenShift PaaS platform.

The companies also say that they “plan to include Black Duck technologies as a set of complementary services within Red Hat’s current container certification workflow for application builders such as Independent Software Vendors (ISVs).” That effort will be part of Red Hat’s comprehensive enterprise-focused container certification strategy, which it introduced in spring 2015.

Both companies see this move as a way to speed enterprise adoption of containers, especially those based on Linux and open source technologies. “A significant part of an enterprise-ready container strategy is the ability to trust the code across the entire lifecycle of a containerized application, from development to management,” said Lars Herrmann, general manager, Integrated Solutions at Red Hat. “This collaboration demonstrates Red Hat’s continued commitment to delivering not only Linux container-based innovation, but also the tools and ecosystem to help enterprises adopt containerized applications that are secure, certified and supported.”

Black Duck CEO Lou Shipley added, “Container technology is another breakthrough in the constant drive to increase development agility and get products to market more quickly. Speed and agility are key drivers for container adoption in the enterprise, but not at the expense of security. The Black Duck-Red Hat collaboration is rooted in the collective value that we deliver from an open source perspective, by helping to make containers safe for enterprise use.”