[Aaronstotle]

When I was responsible for resolving vulns in my previous companies' docker images, in many cases upgrading the libraries was enough to resolve the vuln.

My role, and others like me, need to get that critical vuln number down. Meaning yes, upgrading libs was enough.

[frantic2821]

Mind me asking how big your organization was at that point? And were you the one responsible for patching after if something didn't resolve with upgrading libs?