Presumably something like CoreOS which makes extensive use of containers and any security feature it can get its hands on.
If I personally put my own opinion on it, I don't like unnecessary use of containers because the model gives you a lot of outdated dependencies, and I'm not sure whether containing a vulnerability once it happens is that noteworthy.
Old skool "use good, secure code. update dependencies" and not focusing on containing a vulnerability produces a much safer system IMO.
If I personally put my own opinion on it, I don't like unnecessary use of containers because the model gives you a lot of outdated dependencies, and I'm not sure whether containing a vulnerability once it happens is that noteworthy.
Old skool "use good, secure code. update dependencies" and not focusing on containing a vulnerability produces a much safer system IMO.