BellSoft Survey Finds Container Security Practices Are Undermining Developers’ Own Goals
Summary
A new survey by BellSoft, conducted among 427 developers, reveals that 23% have experienced a container-related security breach, indicating that container security incidents are becoming routine. The survey, released on February 10, 2026, highlights that current security practices and tools often exacerbate the problem by expanding the attack surface. Key issues include human error (cited by 62% of respondents), reliance on shells and package managers in base images (54% and 39% respectively), and the use of general-purpose Linux distributions like Ubuntu or Debian by 55% of teams. These practices introduce hundreds of unused packages, creating numerous potential vulnerabilities. Most teams employ reactive defenses such as trusted registries (45%) and vulnerability scanning (43%), with inconsistent patching cadences, leaving systems exposed for extended periods. Nearly 48% of developers believe pre-hardened, security-focused base images would significantly improve container security.
Key takeaway
If you are a CTO or VP of Engineering evaluating containerization strategies, your current reliance on general-purpose base images and reactive security measures is likely increasing your attack surface and operational burden. You should prioritize adopting pre-hardened, minimal base images to reduce vulnerabilities, streamline patching, and shift maintenance responsibilities to specialized vendors, thereby enhancing security and lowering total cost of ownership.
Key insights
Current container security practices often increase attack surfaces and lead to frequent breaches due to human error and complex tooling.
Principles
- Minimize components in production images.
- Prioritize proactive security design over reactive defenses.
Method
Shift from general-purpose Linux distributions to pre-hardened, security-focused base images that remove unnecessary tools and packages by default, transferring maintenance to vendors.
In practice
- Adopt minimal base images for production.
- Automate patching with every release.
- Evaluate vendor-hardened images.
Topics
- Container Security
- Vulnerability Management
- Hardened Base Images
- Attack Surface Reduction
- Software Supply Chain Security
Best for: CTO, VP of Engineering/Data, Software Engineer, DevOps Engineer, Security Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.