Docker: Docker @ Black Hat 2025: CVEs have everyone’s attention, here’s the path forward

Source URL: https://www.docker.com/blog/docker-black-hat-2025-secure-software-supply-chain/
Source: Docker
Title: Docker @ Black Hat 2025: CVEs have everyone’s attention, here’s the path forward

Feedly Summary: CVEs dominated the conversation at Black Hat 2025. Across sessions, booth discussions, and hallway chatter, it was clear that teams are feeling the pressure to manage vulnerabilities at scale. While scanning remains an important tool, the focus is shifting toward removing security debt before it enters the software supply chain. Hardened images, compliance-ready tooling, and…

AI Summary and Description: Yes

Summary: The text discusses insights from Black Hat 2025, highlighting the growing focus on managing vulnerabilities in the software supply chain, particularly through the use of Docker Hardened Images. It underscores a shift towards establishing secure, compliant foundations from the outset, with implications for DevSecOps and AI security.

Detailed Description: The conversation at Black Hat 2025 centred on vulnerability management and secure software development practices. The emphasis was not only on finding vulnerabilities with scanners but on keeping them out of the software supply chain in the first place, by starting from a base that carries no known CVEs rather than triaging them after the fact.

– **Key Themes Identified:**
  – **Vulnerability Management:** Teams are under pressure to manage vulnerabilities at scale. Scanning remains necessary, but the emphasis is moving from scanning alone to practices that eliminate security debt before it enters the build.
  – **Zero-CVE Baseline:** There is demand for starting points with zero known CVEs. Building on hardened images removes much of the inherited vulnerability backlog from the outset; the application layers added on top still need to be scanned.
  – **Customization for Enterprises:** Enterprises still need to customize minimal images so that mission-critical applications run with their required dependencies, while continuing to inherit security updates from the base image rather than forking it.
  – **Interest in Regulated Industries:** Hardening practices are spreading into regulated industries, with rising demand for FedRAMP-ready images that reduce the compliance work teams have to do themselves.
  – **AI Security Patterns:** Discussions of AI workloads indicated that established container security patterns, such as isolation and validation before runtime, protect emerging AI workloads without requiring a new security framework.
  – **Collaborative Ecosystems:** Partnerships were emphasized as a way to reduce alert fatigue and concentrate effort on exploitable risk, with the Docker and Wiz technology partnership cited as an example.

Taken together, these themes show how security practice is evolving in the container ecosystem and why product offerings such as Docker Hardened Images are being aligned with the security and regulatory requirements of enterprises. The takeaway for security and compliance professionals is that proactive measures, collaboration, and fit-for-purpose tooling matter more than after-the-fact triage, particularly as AI workloads are added to existing environments.

The event points to growing demand for solutions that deliver compliance and security together, and Docker stated that its roadmap is being shaped around these needs.