The attack surface, yes, but not the attack volume. No matter if the app is containerized or native, it has access to the data that it has to operate on. That’s literally part of computer nature.
But a containerized app, assuming the container service itself is kept up to date, has fewer hooks to break into other stuff than a native app does. For starters, a native app can read everything that’s world-readable, which in a shared system might be lots of stuff but in a containerized app might be quite minimal.
How so? If I compromise a containerized app, I get all the data that app has access to.
From a security standpoint, each and every container running actually increases the potential attack surface.