Security Strategy, Plan, Budget, DevOps

Java developers struggle with container security, prefer provider solutions

Per The Register, a recent survey indicates that a significant portion of Java developers find container security challenging, with many preferring to rely on providers of pre-hardened containers rather than managing security themselves.

BellSoft's 2025 State of Container Security report, based on a survey of 427 developers, found that 48% would delegate container security to specialized providers. Security was the top concern (29%) when selecting base container images, yet many developers (55%) use general-purpose Linux distributions and 69% use general-purpose JDKs, which BellSoft argues are less secure due to bloat.

Human error (62%) was cited as the primary cause of container security mistakes, followed by patching issues. Organizational constraints and a lack of prioritization also contribute to these difficulties. Common security measures include trusted registries (45%) and vulnerability scanning (43%). The findings highlight a persistent gap between developers' security intentions and their current practices, often exacerbated by resource limitations.

Source: The Register

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds