The hunt for truly zero-CVE container images - The New Stack

This article discusses the challenges of creating zero-CVE container images, highlighting the limitations of traditional Linux distributions and the approaches of vendors like Chainguard and Docker. Chainguard argues that relying on upstream distros leads to delays in patching, while Docker's Hardened Images approach mirrors Debian's security advisories. The article also points out that CVEs are not always reliable indicators of security risk, suggesting that a more nuanced approach to vulnerability management is needed.