Haha, some do, and then don't know what they're looking for.

Companies getting pwned because of Docker image hygiene issues should never make it to the HN front page.

They still do.

If your system does not involve an automatic CI loop of "new package/upstream source code/somebody else's Docker image (yuck)" -> "testing" -> "some sort of staged rollout to prod", then do not use Docker. If you are doing this, then you have better choices than Docker.

Fun fact: From Kubernetes, I can orchestrate actual VMs that startup faster, use less resources, and use my CPU's hardware virtualization instructions and, on top of that all, offer a Docker-compatible API to interface with legacy tools!

It's called Firecracker. Its KVM, underneath, the only tech I'm willing to use, after having used everything. Everyone gets to have their ridiculously overcomplex APIs, I get to have my actually working VMs.