Build and Deployment -> Patch Management: Usage of a short maximum lifetime for images
Risk and Opportunity
Risk: Vulnerabilities in running containers stay for too long and might get exploited.
Opportunity: The nightly built images are deployed at least once a day, so a fix contained in a rebuilt image reaches running containers within a day.
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low
- Sample concept:
(1) Each container has a set maximum lifetime and is killed and replaced with a new container multiple times a day. The replacement must be graceful (the new container is started and healthy before the old one is stopped) so that end users see no service outage, not even a short one.
(2) Twice a day the images are rebuilt. The rebuilds are put into an automated testing pipeline; if the tests report no blocking issues, the new images are released for deployment during the next "restart" of a container. The new containers have to be deployed in a canary manner: if (and only if) the new image introduces a bug that breaks functionality, the canary deployment keeps the "older version" in service and does not roll out the buggy newer one.
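The check behind step (1) and the graceful replacement it asks for, as an added example (not part of the DSOMM page or any project's code): given an inventory of running containers, it flags each one that has exceeded the maximum lifetime or is not running the latest image that passed the test pipeline, and batches the replacements oldest-first so only a few containers are restarted at a time. The container names, digests, timestamps and the 12-hour limit are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy: a container may live at most 12 hours before it is replaced.
MAX_LIFETIME = timedelta(hours=12)


@dataclass(frozen=True)
class RunningContainer:
    name: str
    image_digest: str      # digest of the image the container was started from
    started_at: datetime   # timezone-aware start time


def stale_containers(containers, latest_tested_digest, now, max_lifetime=MAX_LIFETIME):
    """Return (container, reason) pairs for every container that must be replaced,
    either because it exceeded max_lifetime or because a newer tested image exists."""
    stale = []
    for c in containers:
        if now - c.started_at > max_lifetime:
            stale.append((c, "exceeded maximum lifetime"))
        elif c.image_digest != latest_tested_digest:
            stale.append((c, "not running latest tested image"))
    return stale


def replacement_plan(stale, max_parallel):
    """Order stale containers oldest-first and split them into batches of at most
    max_parallel, so each batch can be replaced while the rest keep serving traffic."""
    ordered = sorted(stale, key=lambda pair: pair[0].started_at)
    names = [c.name for c, _ in ordered]
    return [names[i:i + max_parallel] for i in range(0, len(names), max_parallel)]


# Constructed sample inventory: five web containers, two image digests.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
LATEST = "sha256:aaaa"   # constructed digest of the image that passed the pipeline
OLD = "sha256:bbbb"      # constructed digest of the previous image
INVENTORY = [
    RunningContainer("web-1", LATEST, datetime(2024, 1, 1, 1, 0, tzinfo=timezone.utc)),
    RunningContainer("web-2", LATEST, datetime(2023, 12, 31, 22, 0, tzinfo=timezone.utc)),
    RunningContainer("web-3", OLD, datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)),
    RunningContainer("web-4", OLD, datetime(2023, 12, 31, 20, 0, tzinfo=timezone.utc)),
    RunningContainer("web-5", LATEST, datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for c, reason in stale_containers(INVENTORY, LATEST, NOW):
        print(f"{c.name}: {reason}")
    print(replacement_plan(stale_containers(INVENTORY, LATEST, NOW), max_parallel=2))
```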
OWASP SAMM 2 Mapping: o-environment-management|B|1
ISO27001:2017 Controls Mapping: