<laughs> In this case, it's that small business unit that is still International Business Machines. It's hard to find these days, but there is still a bit of it lingering around. :-)
Seriously, there's very little left of IBM anymore. It's now just an accounting firm that dabbles in technology. 30 years ago I wouldn't have dreamed of ever saying this, but I miss the Incongruous Blue Monoliths.
"Doomsday" is absurd. First an attacker has to break into the container from the app before they can break out of the container.
Most people running containers are hosting all the same organization's assets on that shared kernel, and we're using containers as much for management and fault tolerance as for security.
There's always another privilege escalation bug.
But considering the tight kernel integration, it seems that there will be a lot of privilege escalation bugs on the way.
I want to understand more about containers in a service provider environment, because I work for a service provider and we don't currently have a container strategy.
Maybe it actually was doomsday in a sense - this issue impacted Fargate, meaning it could have allowed one AWS customer to compromise another AWS customer: https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
(Didn't impact us to that degree because we don't use Fargate)
Intel has really... really become good at it, though.
They like to lead.