by dvfjsdhgfv 2336 days ago
Many managers use "devops" as an excuse to put a lot of burden on a small team, then this team is doing their best to automate managing a large number of machines but it's physically impossible to delve deeper into details and polish things, hence mishaps are bound to happen. And don't get me started on what is happening inside containers.

Sorry but I'd like to get you started on what is happening inside containers ;P

Specifically, can you go into more details about what worries you with containers? Is it insecure images with out-of-date software, or risky applications inside the containers? Something else?

Let's imagine your JIRA is insecure, someone owns it and obtains RCE, then does a privilege escalation on the host, whoops, suddenly all services are accessible, whereas that would have required more steps and owning in the old one-vm/bare metal-server-per-service model.
Escaping a properly namespaced/pivot_root'ed environment and owning a host is non-trivial too.