The cloud’s worst kept secret? Vulnerabilities

The cloud’s worst kept secret? Vulnerabilities.

Many thanks to the great folks at Sysdig, who have sponsored my writing for the past week.

The unmanageable number of vulnerabilities in the cloud is the worst-kept secret. The Sysdig 2023 Cloud-Native Security and Usage report found that 87% of container images have high or critical vulnerabilities! Surely not everything is important! What is important? And what can you ignore?

There’s hope, the answer is “a lot!”

By focusing on in use risk exposure, or the vulnerable packages that are actually in use at runtime, teams can focus their efforts on a smaller fraction of the fixable vulnerabilities, the ones that actually represent true risk. The Sysdig report found that 15% of critical and high vulnerabilities with an available fix are in packages loaded at runtime. That’s a massive difference!

Reducing the number of vulnerabilities by 85% down to 15% provides a more actionable number for cybersecurity teams. By standardizing your approach on in use risk exposure, you can save time and focus that effort elsewhere, like producing new applications.

This year, the Sysdig 2023 Cloud-Native Security and Usage report focused on key cloud challenges, including software supply chain risk, zero trust, and cost management. After analyzing billions of containers, Sysdig hopes to help the industry understand the current state of the cloud and best practices that should inform your 2023 cybersecurity strategies. Read the key report takeaways from Sysdig.

Download Sysdig report

Download the full Cloud-Native Security and Usage Report to uncover the latest insights like:

  • How companies can save up to $10M in cloud costs
  • 87% of images include a high or critical vulnerability
  • 90% of accounts have excessive permissions

Learn More ➔

About Sysdig

Sysdig delivers cloud and container security so you can stop attacks with no wasted time. Detect threats in real-time using ML, curated rules and Sysdig Threat Research Policies. Prioritize vulnerabilities based on in-use risk exposure and fix fast with context. Gain agentless visibility combined with runtime security powered by eBPF and Falco.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about cybersecurity, you can find more information here.