I am huge fan of using containers for development and production in order to keep parity across all environments where we develop and deploy our code.

Today I came across Containers Under Attack article, that talks about containers security, but I do not see mentioned their a thing that bothers me since I started using containers.

Stop here, read the article I linked above and then continue...

So the thing that bothers me the most is that a lot of developers are careless or unaware of the best practices for containers and they just treat them as a normal server or VM, where they ship all the software they need inside 1 single container, they even include unnecessary remote access like SSH or FTP!!!

Worst than this is that I see lot of containers running all services as root... really??? Please keep any service running under a unprivileged user, unless is strictly impossible to do it.

Another think to bear in mind is that when using a new technology is vital to take the time to study what are the best practices and how it can be secured properly.

Now if you want to really excel as a developer then try to understand how your current stack works under the hood in an high level overview. Remember that he best the developers are always the ones that grasp at least 1 level below the stack they are using.

What are your thoughts on this?