A Systematic Mapping Study on Risks and Vulnerabilities in Software Containers
Maha Sroor, Teerath Das, Rahul Mohanani, Tommi Mikkonen

TL;DR
This systematic mapping study reviews 129 primary studies to organize and categorize security risks, vulnerabilities, practices, and tools in software container systems, providing a comprehensive overview of current security challenges and mitigation strategies.
Contribution
It introduces a novel taxonomy of risks and vulnerabilities in container systems and aggregates existing security practices and tools from the literature.
Findings
Identified critical risks and vulnerabilities across the container life-cycle.
Categorized risks using a new taxonomy for better understanding.
Highlighted the need for future research on security practices and mitigation strategies.
Abstract
Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature reveals a lack of reviewed, aggregated, and organized knowledge of risks, vulnerabilities, security practices, and tools in container-based systems development and deployment. Therefore, we conducted a Systematic Mapping Study (SMS) based on 129 selected primary studies to explore and organize existing knowledge on security issues in software container systems. Data from the primary studies enabled us to identify critical risks and vulnerabilities across the container life-cycle and categorize them using a novel taxonomy. Additionally, the findings highlight the causes and implications and provide a list of mitigation techniques to overcome these risks…
Taxonomy
Topics: Information and Cyber Security · Software Engineering Techniques and Practices · Security and Verification in Computing
