Justin Cormack
CTO, Docker
More by Justin
Securing Model Context Protocol: Safer Agentic AI with Containers
Learn about the new challenges of MCP security, where many current MCP tools fall short, and how containers help maintain best practices.
Read now
Highlights from Microsoft Build: Docker’s Innovations with AI and Windows on Arm
Windows is back! Docker CTO Justin Cormack talks about this and other takeaways from Microsoft Build 2024, including recently announced (and long-awaited) Docker Desktop support for Windows on Arm.
Read now
OpenSSH and XZ/liblzma: A Nation-State Attack Was Thwarted, What Did We Learn?
Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”
Read now
Docker Acquires Mutagen for Continued Investment in Performance and Flexibility of Docker Desktop
Docker acquires Mutagen, the open source software leveraging file synchronization and networking technologies, to invest in the future of Docker Desktop.
Read now
Announcing Docker SBOM: A step towards more visibility into Docker images
Image visibility and transparency are key to securing your software supply chain. Learn how our Docker SBOM feature highlights core image components.
Read now
Investing In Performance, Trust and Great Experiences for Developers
Docker is nine years old? Seems both like yesterday and a long time ago! The technology world has changed a lot since then, and Docker has played a key role in making it easy for developers to build and ship applications wherever they’re needed. What were the key changes that Docker introduced? Well, when Docker…
Read now
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021 As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s recommended to update to Log4j2 2.16.0. ————————————————————————————- Original post below has now been updated: 15…
Read now
Docker Verified Publisher: Trusted Sources, Trusted Content
November 2024 update: Announcing Upgraded Docker Plans: Simpler, More Value, Better Development and Productivity — Six months since its launch at DockerCon, the Docker Verified Publisher program delivers on its promise to developers and partners alike The Docker Verified Publisher program means trusted content and trusted sources for the millions of Docker users. At the…
Read now
News from AWS re:Invent – Docker Official Images on Amazon ECR Public
We are happy to announce today that, in partnership with Amazon, Docker Official Images are now available on AWS ECR Public. This is especially exciting because Docker Official Images are some of the most popularly used images on Docker Hub, acting as a key and trusted starting point for base images for the entire container…
Read now
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain. This is where some piece of software that you use…
Read now
Secure Software Supply Chain Best Practices
Last month, the Cloud Native Computing Foundation (CNCF) Security Technical Advisory Group published a detailed document about Software Supply Chain Best Practices. You can get the full document from their GitHub repo. This was the result of months of work from a large team, with special thanks to Jonathan Meadows and Emily Fox. As one…
Read now
Donating Docker Distribution to the CNCF
Docker has contributed Docker Distribution to the CNCF. This move will ensure Docker Distribution has a broad group maintaining what is the foundation for many registries.
Read now
Docker’s sessions at KubeCon 2020
In a few weeks, August 17-20, lots of us at Docker in Europe were looking forward to hopping on the train down to Amsterdam for KubeCon CloudNativeCon Europe. But like every other event since March, this one is virtual so we will all be at home joining remotely. Most of the sessions are pre recorded with live Q&A, the format that we used at DockerCon 2020. As a speaker I really enjoyed this format at DockerCon, we got an opportunity to clarify and answer extra questions during the talk. It will be rather different from the normal KubeCon experience with thousands of people at the venue though!
Read now
Our Favourite Picks from the KubeCon Europe 2020 Schedule
Last Wednesday, the CNCF released the KubeCon Europe 2020 schedule. There are so many talks at KubeCon it can be daunting even to decide what to go to see! Here are some talks by the team at Docker, and some others we think will be particularly interesting. Looking forward to seeing you in Amsterdam!
Read now
Community Collaboration on Notary v2
At KubeCon last November there was a meeting with Docker, Amazon and Microsoft to plan a collaboration around a new version of the CNCF project Notary. We held the Notary v2 kickoff meeting a few weeks later in Seattle in the Amazon offices. So why a version 2 now?
Read now
Announcing LinuxKit: A Toolkit for building Secure, Lean and Portable Linux Subsystems
Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows…
Read now
Securing Model Context Protocol: Safer Agentic AI with Containers
Learn about the new challenges of MCP security, where many current MCP tools fall short, and how containers help maintain best practices.
Read now
Highlights from Microsoft Build: Docker’s Innovations with AI and Windows on Arm
Windows is back! Docker CTO Justin Cormack talks about this and other takeaways from Microsoft Build 2024, including recently announced (and long-awaited) Docker Desktop support for Windows on Arm.
Read now
OpenSSH and XZ/liblzma: A Nation-State Attack Was Thwarted, What Did We Learn?
Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”
Read now
Docker Acquires Mutagen for Continued Investment in Performance and Flexibility of Docker Desktop
Docker acquires Mutagen, the open source software leveraging file synchronization and networking technologies, to invest in the future of Docker Desktop.
Read now
Announcing Docker SBOM: A step towards more visibility into Docker images
Image visibility and transparency are key to securing your software supply chain. Learn how our Docker SBOM feature highlights core image components.
Read now
Investing In Performance, Trust and Great Experiences for Developers
Docker is nine years old? Seems both like yesterday and a long time ago! The technology world has changed a lot since then, and Docker has played a key role in making it easy for developers to build and ship applications wherever they’re needed. What were the key changes that Docker introduced? Well, when Docker…
Read now
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021 As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s recommended to update to Log4j2 2.16.0. ————————————————————————————- Original post below has now been updated: 15…
Read now
Docker Verified Publisher: Trusted Sources, Trusted Content
November 2024 update: Announcing Upgraded Docker Plans: Simpler, More Value, Better Development and Productivity — Six months since its launch at DockerCon, the Docker Verified Publisher program delivers on its promise to developers and partners alike The Docker Verified Publisher program means trusted content and trusted sources for the millions of Docker users. At the…
Read now
News from AWS re:Invent – Docker Official Images on Amazon ECR Public
We are happy to announce today that, in partnership with Amazon, Docker Official Images are now available on AWS ECR Public. This is especially exciting because Docker Official Images are some of the most popularly used images on Docker Hub, acting as a key and trusted starting point for base images for the entire container…
Read now
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain. This is where some piece of software that you use…
Read now
Secure Software Supply Chain Best Practices
Last month, the Cloud Native Computing Foundation (CNCF) Security Technical Advisory Group published a detailed document about Software Supply Chain Best Practices. You can get the full document from their GitHub repo. This was the result of months of work from a large team, with special thanks to Jonathan Meadows and Emily Fox. As one…
Read now
Donating Docker Distribution to the CNCF
Docker has contributed Docker Distribution to the CNCF. This move will ensure Docker Distribution has a broad group maintaining what is the foundation for many registries.
Read now
Docker’s sessions at KubeCon 2020
In a few weeks, August 17-20, lots of us at Docker in Europe were looking forward to hopping on the train down to Amsterdam for KubeCon CloudNativeCon Europe. But like every other event since March, this one is virtual so we will all be at home joining remotely. Most of the sessions are pre recorded with live Q&A, the format that we used at DockerCon 2020. As a speaker I really enjoyed this format at DockerCon, we got an opportunity to clarify and answer extra questions during the talk. It will be rather different from the normal KubeCon experience with thousands of people at the venue though!
Read now
Our Favourite Picks from the KubeCon Europe 2020 Schedule
Last Wednesday, the CNCF released the KubeCon Europe 2020 schedule. There are so many talks at KubeCon it can be daunting even to decide what to go to see! Here are some talks by the team at Docker, and some others we think will be particularly interesting. Looking forward to seeing you in Amsterdam!
Read now
Community Collaboration on Notary v2
At KubeCon last November there was a meeting with Docker, Amazon and Microsoft to plan a collaboration around a new version of the CNCF project Notary. We held the Notary v2 kickoff meeting a few weeks later in Seattle in the Amazon offices. So why a version 2 now?
Read now
Announcing LinuxKit: A Toolkit for building Secure, Lean and Portable Linux Subsystems
Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows…
Read now