CVEs dominated the conversation at Black Hat 2025. Across sessions, booth discussions, and hallway chatter, it was clear that teams are feeling the pressure to manage vulnerabilities at scale. While scanning remains an important tool, the focus is shifting toward removing security debt before it enters the software supply chain. Hardened images, compliance-ready tooling, and strong ecosystem partnerships are emerging as the path forward.
Community Highlights
The Docker community was out in full force. Thank you all! Our booth at Black Hat was busy all week with nonstop conversations, hands-on demos, and a steady stream of limited-edition hoodies and Docker socks spotted around Las Vegas.
The Docker + Wiz evening party brought together the DevSecOps community to swap stories, compare challenges, and celebrate progress toward a more secure software supply chain. It was a great way to hear firsthand what’s top of mind for teams right now.
Across sessions, booth conversations, and the Wiz + Docker party, six key security themes stood out.

A busy Docker booth at Black Hat 2025
What We Learned: Six Key Themes
- Scanning isn’t enough. Teams are looking for secure, zero-CVE starting points that eliminate security debt from the outset.
- Security works best when it meets teams where they are. The right hardened distro makes all the difference: for example, Debian for compatibility and Alpine for a minimal footprint.
- Flexibility is essential. Customizations to minimal images are a crucial business requirement for enterprises running custom, mission-critical apps.
- Hardening is expanding quickly to regulated industries, with FedRAMP-ready variants in high demand.
- AI security doesn’t require reinvention; proven container patterns still protect emerging workloads.
- Better-together ecosystems and partnerships still matter. We’re cooking some great things with Wiz to cut through alert fatigue, focus on exploitable risks, and speed hardened image adoption.
Technical Sessions Highlights
In our Lunch and Learn event, Docker’s Mike Donovan, Brian Pratt, and Britney Blodget shared how Docker Hardened Images provide a zero-CVE starting point backed by SLAs, SBOMs, and signed provenance. This approach removes the need to choose between usability and security. Debian and Alpine variants meet teams where they are, while customization capabilities allow organizations to add certificates, packages, or configurations and still inherit updates from the base image. Interest in FedRAMP-ready images reinforced that secure-by-default solutions are in demand across highly regulated industries, and can accelerate an organization’s FedRAMP process.

Docker Hardened Images Customization
On the AI Stage, Per Krogslund explored how emerging AI agents raise new questions around trust and governance, but do not require reinventing security from scratch. Proven container security patterns—including isolation, gateway controls, and pre-runtime validation—apply directly to these workloads. Hardened images provide a crucial, trusted launchpad for AI systems too, ensuring a secure and compliant foundation before a single agent is deployed.
Black Hat 2025 is in the books, but the conversation about building secure foundations is just getting started. In response to the fantastic customer feedback, Docker Hardened Images’ roadmap now features more workflow integrations, many more verified images in the catalog, and a lot more. Watch this space!
Ready to eliminate security debt from day one? Docker Hardened Images provide zero-CVE base images, built-in compliance tooling, and the flexibility to fit your workflows.
Learn more and request access to Docker Hardened Images!