Finding and fixing vulnerabilities is a good thing, according to Docker engineer Michael Crosby. In a standing-room only session at the DockerCon conference in Austin, Texas last week, Crosby went into detail on how the open-source container project deals with vulnerabilities.
CVE, which is an acronym for Common Vulnerabilities and Exposures, is a common nomenclature and numbering system for uniquely identifying a specific vulnerability. Crosby emphasized that CVEs are part of the software development lifecycle and CVEs ultimately serve to help make software more secure (when patched).