Strategies for Container-Related Incidents Impact Security Goals

BellSoft survey of 427 developers finds gaps between container security detection and remediation, with time, tooling, and human error driving higher risk.

Written By
Jordan Smith
Jan 29, 2026

A recent survey from BellSoft, a software products and technologies company that primarily contributes to OpenJDK, found that the tools and strategies organizations use to protect themselves against container-related incidents are undermining their overall security goals.

427 developers provide insights into often flawed security practices

While the container ecosystem continues to mature, this report emphasizes that there are still fundamental questions about security practices in this space.

BellSoft surveyed 427 developers for this report, which provided insights into how developers select and build container images, the security practices they follow, the challenges they encounter, and how current security practices can fall short of helping them achieve their goals.

Key findings from the survey point to gaps between disclosure and remediation efforts

Among the report’s key findings is that nearly one in four respondents (23 percent) said they have experienced a security incident. 

The report reveals that the gap between disclosure and remediation is the issue, not detection.

49 percent of respondents said that time and resource constraints are a primary challenge in maintaining container security.

Additionally, the report found that root causes can range from strategy to tooling to human error:

  • 62 percent of those surveyed said human error was the biggest contributor to container security mistakes.
  • 54 percent of developers said that shells were the most essential tools inside the base container, while 39 percent said package managers were. Package managers expand the attack surface both directly and through enabling the runtime installation of additional unnecessary components.
    • BellSoft says that combining these with other non-essential tools creates substantial vulnerability exposure in production environments. A more practical approach is to use hardened minimal runtime images, paired with fuller “debug builds” during development, to enable both security and diagnostics without compromise.
  • 55 percent reported using general-purpose Linux distributions (Ubuntu/Debian or Red Hat-based systems) with hundreds of packages that their applications never use.
    • According to BellSoft, each of these represents a potential vulnerability that requires a security patch, and when a vulnerability emerges, security teams must evaluate its impact and coordinate across thousands of instances.
  • 45 percent said trusted registries, and 43 percent said vulnerability scanning, were the most commonly employed security mechanisms.
    • These are basic approaches to container security, BellSoft says, in which organizations constantly respond to newly discovered vulnerabilities rather than building foundations to minimize exposure.
  • 31 percent say they update container images with every release, while 26 percent do so only when critical vulnerabilities emerge. 
  • Further, 33 percent update images monthly, rarely, or only a few times annually, which creates a substantial risk to applications and organizations.

Potential solutions include the adoption of hardened images

“Across every section of the survey, one message repeats consistently: Teams want security efficiency and simplicity, but their current strategies and tooling make this difficult to achieve,” said Alex Belokrylov, CEO at BellSoft.

“By adopting hardened images, much of the ongoing security and maintenance responsibility shifts to the image vendor, reducing operational burden and total cost of ownership, while enabling more stable, low-maintenance, and highly secure container environments,” Belokrylov continued.

Additionally, in addressing the container security problem, 48 percent said pre-hardened, security-focused base images would be most helpful for ensuring container security.

Hardened vendor-maintained images address the root causes of modern container security challenges. They help reduce vulnerability exposure, operational strain, cloud costs, and the risk of human error.

When considering security goals and posture, channel organizations must also account for the risks AI now poses.

Jordan Smith

Jordan Smith is a news writer who has seven years of experience as a journalist, copywriter, podcaster, and copyeditor. He has worked with both written and audio media formats, contributing to IT publications such as MeriTalk, HCLTech, and Channel Insider, and participating in podcasts and panel moderation for IT events.
