Managing the Minimization of a Container Attack Surface – Neil Carpenter – ASW #344
A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed.
This segment is sponsored by Minimus. Visit https://securityweekly.com/minimus to learn more about them!
Neil helps organizations identify and contain security risks in their cloud estates. His passion for getting ahead of security problems comes from over a decade of leading customer-facing security incident response teams at Microsoft and seeing what happens when attackers win. Neil also helped build the future of cloud-native security at Twistlock, StackRox, Torq, and Orca Security before joining Minimus. When he’s not in front of a computer, Neil is an avid NYC-based street photographer.
Join us at InfoSec World 2025, October 27 to 29 at Disney’s Coronado Springs Resort, Lake Buena Vista! With pre-event workshops October 25–26, and post-event workshops October 29–30. Connect, learn, and level up your cyber game! Save 25% now with code ISW25-SW at https://www.securityweekly.com/ISW2025!
Join us August 26 at 11 AM Eastern for Securing the Backbone: Strategies to Counter Cyber Threats to Critical Infrastructure in the Public Sector! Hear from top experts in energy, transportation, healthcare, and more as they share real-world attacks and proven defenses. Register now for complimentary access with code CSS25-SW at securityweekly.com/cssinfra2025!
Mike Shema
- The MadeYouReset HTTP/2 Vulnerability – What Is It? | Gal Bar Nahum’s Blog
- HTTP/1.1 Must Die: What This Means for Contract Pentesters and MSSPs | Blog – PortSwigger
- Three Dots to Root: How I Found a Path Traversal in Microsoft’s Agentic Web — NLWeb | by Aonan Guan | Aug, 2025 | Medium
- Speeding up the JavaScript ecosystem – Semver
- DARPA announces $4 million winner of AI code review competition at DEF CON | The Record from Recorded Future News
- FYI: From Beginner to Builder: Understanding OpenSSF Community and Working Groups
- Uncovering memory corruption in NVIDIA Triton (as a new hire)
The accompanying blog post from our interview with Will Vandevanter back in episode 342.