|
|
|
|
|
|
by raesene9
2586 days ago
|
|
|
For me, that comes down to threat model. Should every organization assume that every attacker has access to Linux 0-days that they can use to privesc on a box? My opinion is that that's not a realistic assessment for every attacker. Do some attackers have that? I'm sure they do, but not every company should assume that every attacker will be able to do that. And all this goes back again to the original point. The trope "containers don't contain" is overly simplistic and not appropriate for every companies threat mode. |
|
|