This presentation extracts few points from CIS Docker 1.12 benchmark which was co-authored by me.
Ref: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker12.100
Abstract: The concept of containerization was in Linux from ages