Java devs want container security

https://www.theregister.com/2026/01/30/java_developers_container_security/

Publish Date: 2026-01-29 19:12:00

Java developers still struggle to secure containers, with nearly half (48 percent) saying they’d rather delegate security to providers of hardened containers than worry about making their own container security decisions.

This finding comes from BellSoft, which offers the Liberica JDK, a free, open-source implementation of Java SE. The company says it surveyed 427 developers at Devoxx last year for its 2025 State of Container Security report. Its goal was to better understand decisions about containers, security, priorities, and practices.

The most important factor among the survey respondents in choosing a base container image was security (29 percent), followed by performance (21 percent), image size (17 percent), Java support (17 percent), ease of use (11 percent), license compliance (4 percent), and other (1 percent).

That’s understandable given that almost one in four of the devs (23 percent) said they’d experienced container-related security incidents in the past year.

Yet the choices these developers make in terms of their software tools may be undermining their stated goals. About 55 percent rely on general-purpose Linux distributions and 69 percent use general-purpose JDKs. Such software, BellSoft argues, is bloated by unnecessary packages and thus requires extra work to secure and optimize compared to pre-hardened options.

That might be manageable were it not for unreliable people. According to the respondents, 62 percent of container security mistakes came from human error, followed by patching difficulties (36 percent), gaps before patch availability (32 percent), and false positives from scanning tools (29 percent).

And these issues were compounded by organizational time and resource constraints (49 percent) and lack of organizational prioritization (36 percent).

Respondents revealed various…

Source