While container scanning & security is becoming more widely adopted, it’s still not well-understood how these containers evolve over time from a security perspective. This includes understanding the long-term security posture of these containers, whether it is improving or declining as new vulnerabilities are discovered. 

 This talk will take a look at why handling vulnerabilities in containers is a really sticky problem to begin with, with known vulnerabilities requiring patching, as new vulnerabilities arise constantly, and many other vulnerabilities simply falling into a catchall bucket of "won't fix" . We'll show data visualizations of how the attack surface popular public container images have changed over the past year, highlighting the problem developers and DevSecOps teams are facing. But stick around to the very end, because on the upside, we'll wrap up with practical steps developers can take to stay on top of vulnerabilities and prevent their dev process from grinding to a halt.