[tylfin]

Sorry but I'd like to get you started on what is happening inside containers ;P

Specifically can you go into more details about what worries you with containers. Is it insecure images with out of date software, or risky applications inside the containers? Something else?

[mschuster91]

Let's imagine your JIRA is insecure, someone owns it and obtains RCE, then does a privilege escalation on the host, whoops suddenly all services are accessible whereas that would have required more steps and owning in the old one-vm/bare metal-server-per-service model.

[arpa]

Escaping properly namespaced/pivot_root'ed environment and owning a host is non-trivial too.