Software supply chain

State of the Art of Container Security • Adrian Mouat & Charles Humble

Adrian Mouat of Chainguard delves into container security, highlighting the flaws of traditional Linux distributions in modern, immutable environments. He explains Chainguard's approach of using 'distroless' images built from source with their Wolfi OS to achieve near-zero CVEs. The discussion covers the importance of replacing rather than updating containers, the roles of SBOMs and attestations, and key lessons from major supply chain attacks like the XZ Utils backdoor.