Looking for a contact at Docker, namely hub.docker.com

I’ve looked in https://github.com/disclose/diodb/blob/master/program-list.json?raw=true

All I can find is their security scanning thing, not their contact details.

Anyone got the security team at Docker Hub or do they not have one?

DM’ed the CTO on twitter, will update the database once I get the security contacts!

2 Likes

Problem solved over twitter!

VDP: Security Policy | Docker

EMAIL: security@

3 Likes

Fantastic work sick!

1 Like

Nice one! Were they responsive?

First Vuln was a false alarm, possible denial of service or out of bounds write.

Second issue is still ongoing. No archlinux:latest docker images work because glibc2.33 is released but none of the ancient LTS kernels whitelist updated syscalls.

So arch has to back port fixes so hub.docker.com works OR dockerhub updates their building kernel machines.

So, that’s the update, without telling you I use arch :joy:

2 Likes