Here is the fundamental problem. You cannot explain (a lot of people worked with containers and kind of get what they are but not really) what a container is and point to the article. I've read the article and it confidently talks about docker containers. I can tell you for a fact that just because you're using a docker file and build an image does not mean there is anything special about the container that docker spins up. In fact there is no such thing as a container. We made it up. It's just a bunch of Linux kernel features that are used together creatively.
A container is not a replacement for properly securing/isolating your app. Any flaw in any of the mechanisms the kernel uses to provide the "containerization" features can end up with all the containers on the node compromised. Also, unless you're really disciplined about how you're building your images you probably already have a bunch of zero days lurking in your deployments.
It's all fun and games until we actually need accountability and the buck has to stop with someone.
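As an added example (not part of the original comment), this is what "a bunch of Linux kernel features" looks like from `/proc`: a process counts as "containerized" only in the sense that its namespace inodes differ from the host's and its capability and seccomp fields are restricted. The inode numbers and the status excerpt are constructed sample values, and the function names are illustrative.

```python
import os
import re

# Constructed sample inputs (not captured from a real host): readlink targets of
# /proc/<pid>/ns/* for the host's PID 1 and for a process inside a "container".
HOST_NS = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
           "net": "net:[4026531840]", "uts": "uts:[4026531838]",
           "ipc": "ipc:[4026531839]", "user": "user:[4026531837]",
           "cgroup": "cgroup:[4026531835]"}
CTR_NS = {"mnt": "mnt:[4026532571]", "pid": "pid:[4026532574]",
          "net": "net:[4026532576]", "uts": "uts:[4026532572]",
          "ipc": "ipc:[4026532573]", "user": "user:[4026531837]",
          "cgroup": "cgroup:[4026532575]"}
# Constructed excerpt of /proc/<pid>/status for the same process.
CTR_STATUS = "Name:\tapp\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"

CAP_SYS_ADMIN = 21  # bit number from linux/capability.h

def ns_inode(link):
    """Extract the inode number from a 'type:[inode]' namespace link."""
    return int(re.fullmatch(r"\w+:\[(\d+)\]", link).group(1))

def shared_namespaces(host, proc):
    """Namespace types where the process is in the same namespace as the host."""
    return sorted(t for t in proc if t in host and ns_inode(host[t]) == ns_inode(proc[t]))

def status_fields(text):
    """Parse the tab-separated 'Key: value' lines of /proc/<pid>/status."""
    return dict(line.split(":\t", 1) for line in text.splitlines() if ":\t" in line)

def summarize(host, proc, status):
    f = status_fields(status)
    cap_eff = int(f["CapEff"], 16)
    return {
        "shared_with_host": shared_namespaces(host, proc),
        "has_cap_sys_admin": bool(cap_eff >> CAP_SYS_ADMIN & 1),
        "seccomp_filter": f.get("Seccomp") == "2",   # 2 = filter mode
        "no_new_privs": f.get("NoNewPrivs") == "1",
    }

def read_ns(pid):
    """Read live namespace links on Linux (needs permission for other PIDs)."""
    d = f"/proc/{pid}/ns"
    return {n: os.readlink(f"{d}/{n}") for n in os.listdir(d)}

if __name__ == "__main__":
    print(summarize(HOST_NS, CTR_NS, CTR_STATUS))
```

On a Linux host, `summarize(read_ns(1), read_ns(pid), open(f"/proc/{pid}/status").read())` gives the same view for a live process; every entry under `shared_with_host` is a boundary that process does not have.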