Not a newt

But did they have a poster for their Cyber Security Awareness Month?

Rebuild: no. If the software itself is unmaintained, it gets replaced.

Patch: yes. If the base image contains vulnerabilities that can be fixed with a package update, then that gets applied. The patch size and side effects can be minimized by using copacetic, which can ingest Trivy scan results to identify vulnerabilities.

There’s also repos like Chainguard and Docker hardened images which are handy for getting up to date images of commonly used tools.

Found wage theft. That is, of the number of incidents reported, which ones were ruled to be theft. But there’s the undocumented part of wage theft.