Let’s Make Hardened Images the Seatbelts of Software

No automaker asks you to pay extra for a seatbelt. The cost is baked into the price of every car because seatbelts prevent harm at an acceptable marginal cost. It’s not even a conversation anymore. Of course your car has a seatbelt.

Hardened container images should work the same way. They should be affordable to a two-person startup on day one, ubiquitous by default and treated as a public good that raises safety for everyone. That means minimal bases, non-root execution, read-only filesystems, pinned and verified dependencies, signed…