There are fairly few vulnerabilities discovered in docker itself.
The last one was in runc, the underlying container executor... these are very hard to get right.
This is kind of a stinky one, though, because docker runs in the root context (unless you are experimenting with the rootless docker mode).
You could take this same argument to absurd extremes: the kernel is just an abstraction over the hardware, surely you could ditch the kernel and manage the hardware yourself and it will be more secure.
The reality is, in both cases, no you can't. Doing this stuff right requires expertise, and generally needs more than one or two people looking at it.