惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
The Hacker News
The Hacker News
AWS News Blog
AWS News Blog
Spread Privacy
Spread Privacy
T
Tenable Blog
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
P
Privacy & Cybersecurity Law Blog
Know Your Adversary
Know Your Adversary
T
The Exploit Database - CXSecurity.com
Latest news
Latest news
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
F
Fortinet All Blogs
Engineering at Meta
Engineering at Meta
Simon Willison's Weblog
Simon Willison's Weblog
The Register - Security
The Register - Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
C
Cyber Attacks, Cyber Crime and Cyber Security
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
H
Help Net Security
T
Threat Research - Cisco Blogs
D
DataBreaches.Net
S
Schneier on Security
Cyberwarzone
Cyberwarzone
Google DeepMind News
Google DeepMind News
P
Privacy International News Feed
S
Secure Thoughts
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
C
Cybersecurity and Infrastructure Security Agency CISA
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
IT之家
IT之家
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
博客园 - Franky
T
Tor Project blog
G
GRAHAM CLULEY
博客园 - 【当耐特】
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
A
About on SuperTechFans
Hacker News - Newest:
Hacker News - Newest: "LLM"

The Register - Software: Virtualization

NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes NodeWeaver: Perpetual licensing beats VMware nickel-and-dime Microsoft cuts cloudy desktop prices by 20 percent Nutanix to add KubeVirt support to run VM on K8s at the edge Western Union zaps VMware and moves to Nutanix Nutanix thinks some Azure cloud desktops belong on-prem Nutanix thinks some Azure cloud desktops belong on-prem Nutanix brings its K8s to bare metal Half of VMware users plan to reduce usage by 2028 Xen Project announces five years of support for all releases Xen Project announces five years of support for all releases Broadcom says AI companies can’t make their own silicon One vendor doesn't mind high RAM prices: VMware NUC, NUC! Who’s there? ASUS with a thin client for cloud PCs Why flexibility will define the future of functionality AWS adds nested virtualization option for handful for EC2 Cisco set to release hypervisor as VMware alternative Cisco set to release hypervisor as VMware alternative Contain your Windows apps inside Linux Windows VMware scores early win in Siemens software licensing case Broadcom 'bulldozes' VMware CSPs with March deadline Microsoft to face questions over From SA program Dell wants £10m+ from VMware if Tesco case goes against it Lenovo has a hunch you’re about to try quitting VMware China crew abused ESXi zero-days a year before disclosure China crew abused ESXi zero-days a year before disclosure AWS adds hybrid cloud storage support for Nutanix Nutanix pushes sovereign cloud in another swipe at VMware Nutanix pushes sovereign cloud in another swipe at VMware VMware kills vSphere Foundation in parts of EMEA European cloud trade group says EU should have blocked VMware-Broadcom merger Researchers spot 700 percent increase in hypervisor attacks Researchers spot 700 percent increase in hypervisor attacks Proxmox delivers its software-defined datacenter contender Proxmox delivers its software-defined datacenter contender HPE positions Morpheus stack as alternative to VMware VMware re-states claim Siemens used unlicensed software VMware re-states claim Siemens used unlicensed software 70-hour work weeks no longer enough for Infosys founder Veeam bets on more VMware alternatives Veeam bets on more VMware alternatives Ford straps in as Xen Project drives toward automotive use Microsoft reveals new cloudy AI PC that’s not a Copilot+ PC VMware admits it over-specced storage servers for years Server virtualization market heats up to win VMware refugees Kubernetes overlords retire Ingress NGINX Broadcom creates a new Seal Of Approval for AI servers Broadcom creates a new Seal Of Approval for AI servers Rideshare giant dumps 200 cloudy Macs, saves $2.4 million IBM Cloud stops seeking new customers for its VMware service In Tesco vs. VMware, Computacenter warns, Dell, Broadcom VMware bungles cloud management portal upgrade, twice VMware bungles cloud management portal upgrade, twice Microsoft starts streaming cloudy apps instead of desktops Open source Cloud Hypervisor adds (futile) no-AI-code policy Proxmox delivers datacenter manager beta VMware to lose 35 percent of workloads in three years – some to its friends at ‘proper clouds’ VMware to lose 35 percent of workloads in three years Citrix products sold under old licenses to get glitchy Rethinking application delivery for the hybrid world VMware's in court again. Tesco latest in line Broadcom admits it’s sold a lot of VMware shelfware Supermarket giant Tesco sues VMware for breach of contract DOGE delayed deals, says Nutanix VirtualBox 7.2 fixes 3D guests, adds Arm-on-Arm support Cloudy PCs now often have lower TCO than laptops Platform9 pushes swing capacity workaround for VMware shifts Virtualization vet pushes out Proxmox VE 9, Backup Server 4 Oracle VirtualBox licensing tweak lies in wait for unwary EU cloud players want Europe to annul Broadcom’s VMWare buy How to host a Linux-powered local dev site in Windows VMware portal prevents some users from downloading patches VMware slows release cadence for flagship VCF suite Telefónica DE shifts VMware support to Spinnaker due to cost Citrix returns to hypervisor market without updating wares VMware’s rivals ramp efforts to create alternative stacks
Java devs want container security - not the hassle
Thomas Claburn Thomas Claburn · 2026-01-30 · via The Register - Software: Virtualization

Devops

Java developers want container security, just not the job that comes with it

BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves

Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.

This finding comes from BellSoft, which offers the Liberica JDK, a free, open-source implementation of Java SE. The company says it surveyed 427 developers at Devoxx last year for its 2025 State of Container Security report. Its goal was to better understand decisions about containers, security, priorities, and practices.

The most important factor among the survey respondents in choosing a base container image was security (29 percent), followed by performance (21 percent), image size (17 percent), Java support (17 percent), ease of use (11 percent), license compliance (4 percent), and other (1 percent).

That's understandable given that almost one in four of the devs (23 percent) said they'd experienced container-related security incidents in the past year.

Yet the choices these developers make in terms of their software tools may be undermining their stated goals. About 55 percent rely on general-purpose Linux distributions and 69 percent use general-purpose JDKs. Such software, BellSoft argues, is bloated by unnecessary packages and thus requires extra work to secure and optimize compared to pre-hardened options.

That might be manageable were it not for unreliable people. According to the respondents, 62 percent of container security mistakes came from human error, followed by patching difficulties (36 percent), gaps before patch availability (32 percent), and false positives from scanning tools (29 percent).

And these issues were compounded by organizational time and resource constraints (49 percent) and lack of organizational prioritization (36 percent).

Respondents revealed various approaches to dealing with container security. These range from relying on trusted container registries (45 percent), vulnerability scanning (43 percent), software bill-of-materials (SBOM) generation (18 percent), image signing (16 percent), and hardware isolation (6 percent). Ten percent said their organization took no additional security measures beyond standard tools.

"Across every section of the survey, one message repeats consistently: Teams want security, efficiency and simplicity but their current strategies and tooling makes this difficult to achieve," BellSoft CEO Alex Belokrylov said in a statement.

Belokrylov argues that adopting hardened images shifts the burden of security and maintenance to the image vendor, thereby reducing maintenance and cost burdens.

BellSoft elicited these findings despite, or perhaps because of, the wide use of AI tools.

Marketing VP Maria Gladkaya told The Register in an email that while AI didn't come up in the responses this year, the 2024 survey revealed that 74 percent of developers were using AI to write code. ®