From 4eb602555672232354e798374e7f33740c62a8eb Mon Sep 17 00:00:00 2001 From: Wes Widner Date: Sat, 4 Nov 2017 15:36:52 -0400 Subject: [PATCH] add several resources for sandboxing containers --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 5fc5c90..02ac1b3 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,9 @@ A collection of container related security resources ### [Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud](https://www.youtube.com/watch?v=d2TU_Q4U9DA) * An exploration of covert channels +### [Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs](https://blog.jessfraz.com/post/containers-zones-jails-vms/) +* Contains an interesting point about how contains that share network namespaces can snoop on eachother's traffic + ### Commercial solutions * [StakRox](https://www.stackrox.com/product/) - Container security solution with adaptive threat protection * [Netsil](https://netsil.com/) - Operations dashboard for Kubernetes @@ -169,6 +172,13 @@ A collection of container related security resources ### [Falco](https://www.sysdig.org/falco/) * Open source container security monitoring +### [Getting towards real sandbox containers](https://blog.jessfraz.com/post/getting-towards-real-sandbox-containers/) + +### [Bubblewrap](https://github.com/projectatomic/bubblewrap) + +### [Subgraph](https://subgraph.com/) +* Bills itself as an adversary resistant computing platform. Under the hood the idea is to run containers in user space + ------------------------------------------------------------------------------------------ ## Exploits
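Review bot: In the first hunk (@@ -127,6 +127,9 @@), the description bullet under "Setting the Record Straight" has two typos: "how contains that share network namespaces" should read "how containers that share network namespaces", and "eachother's" should be "each other's". Since the shared-network-namespace point is the reason the link is listed, it is worth getting the wording right so the entry can be found by searching for "containers".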
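Review bot: In the second hunk (@@ -169,6 +172,13 @@), the new "Getting towards real sandbox containers" and "Bubblewrap" headings have no description bullet, while the Falco entry above them and the Subgraph entry below each carry one. Please add a one-line summary under both so readers can tell what each resource covers without following the link. The Subgraph bullet's "run containers in user space" is also vague; consider stating what isolation mechanism is meant, in the project's own terms.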