The majority of developers believe that they should own the security responsibility for their applications, and a significant portion also believe that this responsibility falls on the developers. However, only 19% of developers test their Docker images for vulnerabilities in the operating system layer during development, leaving over 80% without proper testing. This lack of testing can lead to vulnerabilities being discovered later, when they are more costly to fix, as it takes an average of 2.5 years to discover and report a vulnerability. To mitigate this risk, organizations should consider partnering with trusted vendors to manage some of the security risks associated with their base images, and developers should use scanning tools to catch vulnerable images throughout the development cycle.