Managing security issues in software containers: From practitioners’ perspective

Software development industries are increasingly adopting containers to enhance the scalability and flexibility of applications. Security in containerized projects is a critical challenge that can lead to data breaches and performance degradation, thereby directly affecting the reliability and operations of the container services. Despite the ongoing effort to manage the security issues in containerized projects in SE research, more investigations are needed to explore the human perspective of security management in containerized projects. This research aims to explore security management in containerized projects by exploring how SE practitioners manage the security issues in containerized projects. A clear understanding of security management in containerized projects will enable industries to develop robust security strategies that enhance software reliability and trust. To achieve this, we conducted two semi-structured interview studies to examine how practitioners approach security management. The first study focused on practitioners’ perceptions of security challenges in containerized environments, where we interviewed 15 participants between December 2022 and October 2023. The second study explored how to address security issues, with 20 participants interviewed between October 2024 and December 2024. Data analysis reveals how SE practitioners address the various security challenges in containerized projects. Our analysis also identified the technical and non-technical enablers that can be utilized to enhance security in containerized projects. Overall, we propose a conceptual model that visualizes how practitioners manage security issues in containerized projects. We argue that our proposed model will guide practitioners in making informed decisions to plan, develop, and deploy secure container systems.