Managing Security Issues in Software Containers: From Practitioners Perspective
- URL: http://arxiv.org/abs/2504.07707v1
- Date: Thu, 10 Apr 2025 12:49:00 GMT
- Title: Managing Security Issues in Software Containers: From Practitioners Perspective
- Authors: Maha Sroor, Rahul Mohanani, Ricardo Colomo-Palacios, Sandun Dasanayake, Tommi Mikkonen
- Abstract summary: Security in containerized projects is a critical challenge that can lead to data breaches and performance degradation. This research aims to explore security management in containerized projects by exploring how practitioners perceive the security issues. Our analysis also identified the technical and non-technical enablers that can be utilized to enhance security.
- Score: 7.7414952119949385
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Software development industries are increasingly adopting containers to enhance the scalability and flexibility of software applications. Security in containerized projects is a critical challenge that can lead to data breaches and performance degradation, thereby directly affecting the reliability and operations of the container services. Despite the ongoing effort to manage the security issues in containerized projects in software engineering (SE) research, more focused investigations are needed to explore the human perspective of security management and the technical approaches to security management in containerized projects. This research aims to explore security management in containerized projects by exploring how SE practitioners perceive the security issues in containerized software projects and their approach to managing such issues. A clear understanding of security management in containerized projects will enable industries to develop robust security strategies that enhance software reliability and trust. To achieve this, we conducted two separate semi-structured interview studies to examine how practitioners approach security management. The first study focused on practitioners' perceptions of security challenges in containerized environments, where we interviewed 15 participants between December 2022 and October 2023. The second study explored how to enhance container security, with 20 participants interviewed between October 2024 and December 2024. Analyzing the data from both studies reveals how SE practitioners address the various security challenges in containerized projects. Our analysis also identified the technical and non-technical enablers that can be utilized to enhance security.
Related papers
- Security Debt in Practice: Nuanced Insights from Practitioners [0.3277163122167433]
Tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. Despite their critical importance, there is limited empirical evidence on how software practitioners perceive, manage, and communicate Security Debts. This study is based on semi-structured interviews with 22 software practitioners across various roles, organizations, and countries.
arXiv Detail & Related papers (2025-07-15T14:28:28Z)
- Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions. We identify major challenges such as vulnerability to adversarial attacks, cascading failure modes in sequential decision-making. As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
- AISafetyLab: A Comprehensive Framework for AI Safety Evaluation and Improvement [73.0700818105842]
We introduce AISafetyLab, a unified framework and toolkit that integrates representative attack, defense, and evaluation methodologies for AI safety. AISafetyLab features an intuitive interface that enables developers to seamlessly apply various techniques. We conduct empirical studies on Vicuna, analyzing different attack and defense strategies to provide valuable insights into their comparative effectiveness.
arXiv Detail & Related papers (2025-02-24T02:11:52Z)
- An Exploratory Study on the Engineering of Security Features [7.588468985212172]
We study how security features of software systems are selected and engineered in practice. Based on the empirical data gathered, we provide insights into engineering practices.
arXiv Detail & Related papers (2025-01-20T15:37:53Z)
- Leveraging Security Observability to Strengthen Security of Digital Ecosystem Architecture [0.0]
Complexity poses significant challenges for both observability and security in a digital ecosystem. Observability allows organizations to diagnose performance issues and detect anomalies in real time. Security is focused on protecting sensitive data and ensuring service integrity. This paper examines the interconnections between observability and security within digital ecosystem architectures.
arXiv Detail & Related papers (2024-12-07T11:17:29Z)
- LabSafety Bench: Benchmarking LLMs on Safety Issues in Scientific Labs [75.85283891591678]
Artificial Intelligence (AI) is revolutionizing scientific research, yet its growing integration into laboratory environments presents critical safety challenges. Large language models (LLMs) increasingly assist in tasks ranging from procedural guidance to autonomous experiment orchestration. Such overreliance is especially hazardous in high-stakes laboratory settings, where failures in hazard identification or risk assessment can result in severe accidents. We propose the Laboratory Safety Benchmark (LabSafety Bench), a comprehensive framework that evaluates LLMs and vision language models (VLMs) on their ability to identify potential hazards, assess risks, and predict the consequences of unsafe actions in lab environments.
arXiv Detail & Related papers (2024-10-18T05:21:05Z)
- Cyber Security in Containerization Platforms: A Comparative Study of Security Challenges, Measures and Best Practices [1.4901625182926226]
The paper reviews the comparative study of security measures, challenges, and best practices with a view to enhancing cyber safety in containerized platforms.
This review is intended to give insight into the enhanced security posture of containerized environments.
arXiv Detail & Related papers (2024-04-28T06:22:25Z)
- Automated Security Findings Management: A Case Study in Industrial DevOps [3.7798600249187295]
We propose a methodology for the management of security findings in industrial DevOps projects.
As an instance of the methodology, we developed the Security Flama, a semantic knowledge base for the automated management of security findings.
arXiv Detail & Related papers (2024-01-12T14:35:51Z)
- The Last Decade in Review: Tracing the Evolution of Safety Assurance Cases through a Comprehensive Bibliometric Analysis [7.431812376079826]
Safety assurance is of paramount importance across various domains, including automotive, aerospace, and nuclear energy.
The use of safety assurance cases allows for verifying the correctness of the created systems capabilities, preventing system failure.
arXiv Detail & Related papers (2023-11-13T17:34:23Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
- Towards Safer Generative Language Models: A Survey on Safety Risks, Evaluations, and Improvements [76.80453043969209]
This survey presents a framework for safety research pertaining to large models.
We begin by introducing safety issues of wide concern, then delve into safety evaluation methods for large models.
We explore the strategies for enhancing large model safety from training to deployment.
arXiv Detail & Related papers (2023-02-18T09:32:55Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
This list is automatically generated from the titles and abstracts of the papers in this site.