GOTO - The Brightest Minds in Tech

State of the Art of Container Security • Adrian Mouat & Charles Humble

Adrian Mouat, Charles Humble & GOTO Season 6 Episode 25

This interview was recorded for GOTO State of the Art in November 2025.
https://gotopia.tech

Read the full transcription of this interview here:
https://gotopia.tech/articles/425

Adrian Mouat - Developer Relations at Chainguard & Author of 'Using Docker'
Charles Humble - Freelance Techie, Podcaster, Editor, Author & Consultant

RESOURCES
Adrian
https://bsky.app/profile/adrianmouat.com
https://twitter.com/adrianmouat
https://github.com/amouat
https://linkedin.com/in/adrianmouat
http://www.adrianmouat.com

Charles
https://bsky.app/profile/charleshumble.bsky.social
https://linkedin.com/in/charleshumble
https://mastodon.social/@charleshumble
https://conissaunce.com

Links
https://images.chainguard.dev
https://www.cisa.gov/sbom
https://www.chainguard.dev/supply-chain-security-101/the-npm-registry-cant-protect-you-the-new-javascript-supply-chain-attacks
https://oxide-and-friends.transistor.fm/episodes/discovering-the-xz-backdoor-with-andres-freund
https://edu.chainguard.dev

DESCRIPTION
In this State of the Art episode, Charles Humble speaks with Adrian Mouat, Developer Relations at Chainguard and author of "Using Docker", about the evolution of container security and the persistent challenge of outdated packages.

Adrian explains how traditional Linux distributions weren't designed for the immutable, frequently replaced nature of containers, leading to security vulnerabilities that scanners detect but teams struggle to address. He discusses how Chainguard tackles this problem by building everything from source using Wolfi, creating minimal "distroless" images with near-zero CVEs, and how concepts like SBOMs, attestations, and defense in depth are reshaping security practices.

The conversation also covers major security incidents including the XZ Utils backdoor and Shai-hulud attacks, emphasizing the importance of building from source, using short-lived credentials, and replacing rather than updating containers – practices pioneered by companies like Google that are gradually spreading across the industry.

RECOMMENDED BOOKS
Adrian Mouat • Using Docker • https://amzn.to/3PEYIJL
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075

CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks:
https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!