Java devs want container security - not the hassle
"Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions. This finding comes from BellSoft, which offers the Liberica JDK, a free, open-source implementation of Java SE. The company says it surveyed 427 developers at Devoxx last year for its 2025 State of Container Security report. Its goal was to better understand decisions about containers, security, priorities, and practices."
"That might be manageable were it not for unreliable people. According to the respondents, 62 percent of container security mistakes came from human error, followed by patching difficulties (36 percent), gaps before patch availability (32 percent), and false positives from scanning tools (29 percent). And these issues were compounded by organizational time and resource constraints (49 percent) and lack of organizational prioritization (36 percent)."
BellSoft surveyed 427 developers at Devoxx for a 2025 State of Container Security report. Security was the top factor (29%) when choosing a base container image, followed by performance (21%), image size (17%), and Java support (17%). Nearly one in four developers (23%) experienced container-related security incidents in the past year. About 55% use general-purpose Linux distributions and 69% use general-purpose JDKs, which can introduce unnecessary packages and extra hardening work. Respondents attributed 62% of container security mistakes to human error, with patching difficulties and scanning false positives also cited. Time, resources, and low organizational prioritization compound the risks. Many rely on trusted registries and vulnerability scanning as mitigation.
Read at The Register