February 1st, 2024 - Alexander Mattoni, Co-Founder and Head of Engineering

Invisible Armor: Cycle's Behind-the-Scenes Update Guards Against Recent "Leaky Vessels" Container Exploit

At Cycle, we understand the paramount importance of security and the challenges that come with maintaining it. That's why we're proud to share how our proactive approach has not only addressed the recent “Leaky Vessels” container exploit, but has done so in a manner entirely transparent to our customers, and in under 4 hours of the vulnerability being made public.

The recent security advisory from Docker highlights multiple vulnerabilities in runc, Moby, and BuildKit, with runc being a cornerstone in container technology utilized across numerous platforms, including Cycle, Docker and Kubernetes. This vulnerability poses a critical risk, potentially allowing unauthorized access and control over containers.

The Importance of Being Up-to-Date

It’s not enough to ensure your own applications are up to date. Dependencies, runtimes, operating systems - things your software depends on - all need regular updating to stay ahead of critical security issues. In recent years, we’ve seen the rise of tools centered around software supply chain security. Docker recently announced Docker Scout, and even the White House is discussing software security. It’s a huge focus of the industry, and for good reason. One mistake could destroy your business, like what’s happening with 23andMe.

The unfortunate reality is that keeping up with software security is difficult, even with supply chain verification. If a security vulnerability is announced in a software dependency you rely on, you first need to hear about it. Then, depending on the severity and how widespread it is, you may need to patch dozens or hundreds of applications, possibly with downtime unless you have a standby team to manage the update smoothly. The process could take weeks. This leaves you wide open to attack, as attackers look to exploit the vulnerability before everyone has patched it. In the end, many simply won’t update their software, and these vulnerabilities live on like a ticking time bomb, waiting to go off and cost you your business. And that’s just in software that you control.

Self Updating DevOps (LowOps) As A Service

Given the critical role DevOps plays in our software security, vulnerabilities in things like kernels, network stack software, or VM/container runtimes have a multiplier effect. Updating your own software may not be a huge deal, but waiting for that critical Kubernetes update, and applying it to multiple clusters by hand without downtime is a challenge. And the more effort involved, the less likely it is that it’s done in a timely manner, if at all.

When you’re using shared infrastructure via a service like EKS, not only are you still responsible for updating the version of Kubernetes, but other people running insecure versions could still open you up to attack. To top it off, AWS will charge you more for being out of date to incentivize users to upgrade, costing you more as you try to get your software compliant.

These challenges are the reason one of the major features of Cycle is seamless, backward compatible updates to all customers, automatically. In just a few hours after the runc vulnerability was announced, we released a patched version of our software with the fix in place, and distributed it to everyone behind the scenes. This is a process we’re extremely familiar with. On average, we push updates to our customers every 2 weeks. Not only are they getting critical security updates, they’re getting new features and capabilities too. For example, we recently launched our “Deployments” feature to all of our customers, and they didn’t have to change a thing to take advantage of it.

Using Cycle, our customers sleep well knowing that the platform is guarding them, their business, and their customers. The best part is that it didn’t cost them any engineering effort. They continue to focus on what they care about most - their own software - without worrying about the entire state of the world.

This is why we call Cycle the world’s first LowOps platform. Maximum efficiency, for minimal (low) effort.

What's Next?

The world of cybersecurity is always on the move, with new challenges popping up all the time. At Cycle, we're always on our toes, ready to tackle these challenges head-on. Our promise to you is simple: we'll keep your infrastructure safe, up-to-date, and ready for anything that comes your way.

To wrap it up, our invisible armor isn't just about the tech—it's about building trust and being a reliable partner in this crazy digital world. With Cycle, you can rest easy knowing we're always looking out for you, making sure your digital world is secure and ahead of the game.

💡 Interested in trying the Cycle platform? Create your account today! Want to drop in and have a chat with the Cycle team? We'd love to have you join our public Cycle Slack community!