Your cloud provider hosts a lot of images, if they’re even mildly successful. There is no legal onus to keep images patched/fixed/rev’d. Our industry has no inherent mechanism for giving an image a Good Until Date. The potential poisoning of moldy cloud images scares the hell out of me. No two OS vendors do patch/fix/revision control quite the same way.
I’ve heard various statistics bandied about that claim that the top five cloud providers may host more than 300 million images at any particular time of day. These images are getting moldy. Ever see any of the big cloud hosting companies put a freshness date on their stuff? Me neither.
Some of these images (and internal binaries) are containers or VMs. Their lifecycle might be measured in hours, but it could be in days, weeks, or even years. None of them are guaranteed to be up-to-the-minute patched/fixed/rev’d. Inside the images, the binaries that are running are, to varying degrees, at a similarly unknown patch level. Black mold is possible. Think: the state of Thanksgiving leftovers remaining in your fridge.