Abstract
Every team wants secure container images, but few realize how complex it becomes at scale. Building and maintaining hundreds or thousands of images means juggling dependency updates, vulnerability disclosures, and pressure to deliver fast—all while trying to keep the CVE count at zero.
This session breaks down the practical steps for building hardened container images that stay free of known vulnerabilities. We’ll explore the patterns that emerge when running a modern Linux distribution, the automation needed to keep dependencies current, and the trade-offs teams face when balancing security, speed, and reliability.
You’ll learn approaches for prioritizing and remediating CVEs, designing sustainable pipelines, and hardening images against common attack vectors. Along the way, we’ll share the lessons learned from operating at scale and highlight what it really takes to maintain zero-CVE images in production.
Whether you’re an engineer, security leader, or simply curious about secure software supply chains, you’ll walk away with practical insights you can apply to your own environment—and a deeper appreciation for the challenges behind every “secure” image.
Speaker
Natalie Somersall
Principal Solutions Engineer @Chainguard
Natalie is a principal solutions engineer at Chainguard serving the public sector market. She spent years designing, building, and leading complex systems in regulated environments at a major systems integrator, but has also taken her career in many other directions - including detours into project management, systems engineering, and teaching.
She’s passionate about diversity in technology and empowering engineers to build better.
Session Sponsored By
Chainguard is the secure foundation for software development and deployment. We help organizations eliminate threats in their software supply chains.
Date
Monday Nov 17 / 03:55PM PST ( 50 minutes )
Location
Pacific LM
Video
Video is not available
