diff --git a/docker-bench-security.sh b/docker-bench-security.sh
index 6ebe45b..71a6a66 100644
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -15,8 +15,8 @@
 
 # Setup the paths
 this_path=$(abspath $0)       ## Path of this file including filenamel
-dir_name=`dirname ${this_path}`    ## Dir where this file is
-myname=`basename ${this_path}`     ## file name of this script.
+dir_name="$(dirname ${this_path})"    ## Dir where this file is
+myname="$(basename ${this_path})"     ## file name of this script.
 logger="${myname}.log"
 
 
@@ -27,7 +27,7 @@ for p in $req_progs; do
 done
 
 # Ensure we can connect to docker daemon
-`docker ps -q >/dev/null 2>&1`
+"$(docker ps -q >/dev/null 2>&1)"
 if [ $? -ne 0 ]; then
   printf "Error connecting to docker daemon (does docker ps work?)\n"
   exit 1
@@ -50,10 +50,10 @@ yell "# ------------------------------------------------------------------------
 # https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
 # ------------------------------------------------------------------------------"
 
-logit "Initializing `date`\n"
+logit "Initializing $(date)\n"
 
 # Warn if not root
-ID=`id -u`
+ID="$(id -u)"
 if [ "x$ID" != "x0" ]; then
     warn "Some tests might require root to run"
     sleep 3
@@ -72,15 +72,15 @@ done
 # Load all the tests from tests/ and run them
 main () {
   # List all running containers
-  containers=`docker ps -q`
+  containers="$(docker ps -q)"
   # If there is a container with label docker-bench, memorize it:
   benchcont="nil"
   for c in $containers; do
-    labels=`docker inspect --format '{{ .Config.Labels }}' $c`
+    labels="$(docker inspect --format '{{ .Config.Labels }}' $c)"
     contains "$labels" "docker-bench" && benchcont="$c"
   done
   # List all running containers except docker-bench
-  containers=`docker ps -q | grep -v $benchcont`
+  containers="$(docker ps -q | grep -v $benchcont)"
 
   for test in tests/*.sh
   do
diff --git a/helper_lib.sh b/helper_lib.sh
index e692deb..e3593b1 100644
--- a/helper_lib.sh
+++ b/helper_lib.sh
@@ -7,10 +7,10 @@ abspath () { case "$1" in /*)printf "%s\n" "$1";; *)printf "%s\n" "$PWD/$1";; es
 do_version_check() {
     [ "$1" = "$2" ] && return 10
 
-    ver1front=`printf $1 | cut -d "." -f -1`
-    ver1back=`printf $1 | cut -d "." -f 2-`
-    ver2front=`printf $2 | cut -d "." -f -1`
-    ver2back=`printf $2 | cut -d "." -f 2-`
+    ver1front="$(printf $1 | cut -d "." -f -1)"
+    ver1back="$(printf $1 | cut -d "." -f 2-)"
+    ver2front="$(printf $2 | cut -d "." -f -1)"
+    ver2back="$(printf $2 | cut -d "." -f 2-)"
 
     if [ "$ver1front" != "$1" ] || [ "$ver2front" != "$2" ]; then
         [ "$ver1front" -gt "$ver2front" ] && return 11
diff --git a/tests/1_host_configuration.sh b/tests/1_host_configuration.sh
index 49af272..6716f11 100644
--- a/tests/1_host_configuration.sh
+++ b/tests/1_host_configuration.sh
@@ -14,7 +14,7 @@ fi
 
 # 1.2
 check_1_2="1.2  - Use an updated Linux Kernel"
-kernel_version=`uname -r | cut -d "-" -f 1`
+kernel_version="$(uname -r | cut -d "-" -f 1)"
 do_version_check 3.10 $kernel_version
 if [ $? -eq 11 ]; then
   warn "$check_1_2"
@@ -25,7 +25,7 @@ fi
 # 1.5
 check_1_5="1.5  - Remove all non-essential services from the host - Network"
 # Check for listening network services.
-listening_services=`netstat -na | grep -v tcp6 | grep -v unix | grep LISTEN | wc -l`
+listening_services="$(netstat -na | grep -v tcp6 | grep -v unix | grep LISTEN | wc -l)"
 if [ $listening_services -eq 0 ]; then
   warn "1.5  - Failed to get listening services for check: $check_1_5"
 else
@@ -39,7 +39,7 @@ fi
 
 # 1.6
 check_1_6="1.6  - Keep Docker up to date"
-docker_version=`docker version | grep 'Server version' | awk '{print $3}'`
+docker_version="$(docker version | grep 'Server version' | awk '{print $3}')"
 if [ $? -eq 11 ]; then
   warn "$check_1_6"
 else
@@ -48,7 +48,7 @@ fi
 
 # 1.7
 check_1_7="1.7  - Only allow trusted users to control Docker daemon"
-docker_users=`cat /etc/group | grep docker`
+docker_users="$(cat /etc/group | grep docker)"
 info "$check_1_7"
 for u in $docker_users; do
   info "     * $u"
diff --git a/tests/2_docker_daemon_configuration.sh b/tests/2_docker_daemon_configuration.sh
index 11a0ea9..865d3ca 100644
--- a/tests/2_docker_daemon_configuration.sh
+++ b/tests/2_docker_daemon_configuration.sh
@@ -60,7 +60,7 @@ fi
 
 # 2.7
 check_2_7="2.7  - Do not use the aufs storage driver"
-storage_driver=`docker info 2>/dev/null| grep -e "^Storage Driver:\s*aufs\s*$"`
+storage_driver="$(docker info 2>/dev/null| grep -e "^Storage Driver:\s*aufs\s*$")"
 if [ $? -eq 0 ]; then
   warn "$check_2_7"
 else
diff --git a/tests/3_docker_daemon_configuration_files.sh b/tests/3_docker_daemon_configuration_files.sh
index 60207de..fa28fbc 100644
--- a/tests/3_docker_daemon_configuration_files.sh
+++ b/tests/3_docker_daemon_configuration_files.sh
@@ -247,7 +247,7 @@ fi
 check_3_16="3.16 - Verify that /etc/docker directory permissions are set to 755"
 directory="/etc/docker"
 if [ -d "$directory" ]; then
-  perms=`ls -ld $directory | awk '{print $1}'`
+  perms="$(ls -ld $directory | awk '{print $1}')"
   if [ $perms = "drwxr-xr-x." ]; then
     pass "$check_3_16"
   elif [ $perms = "drwx------" ]; then
@@ -266,7 +266,7 @@ check_3_17="3.17 - Verify that registry certificate file ownership is set to roo
 directory="/etc/docker/certs.d/"
 if [ -d "$directory" ]; then
   fail=0
-  owners=`ls -lL $directory/* | grep .crt | awk '{print $3, $4}'`
+  owners="$(ls -lL $directory/* | grep .crt | awk '{print $3, $4}')"
   for p in $owners; do
     printf "$p" | grep "root" >/dev/null 2>&1
     if [ $? -ne 0 ]; then
@@ -289,7 +289,7 @@ check_3_18="3.18 - Verify that registry certificate file permissions are set to
 directory="/etc/docker/certs.d/"
 if [ -d "$directory" ]; then
   fail=0
-  perms=`ls -lL $directory/* | grep .crt | awk '{print $1}'`
+  perms="$(ls -lL $directory/* | grep .crt | awk '{print $1}')"
   for p in $perms; do
     if [ "$p" != "-rw-r--r--." -a "$p" = "-rw-------." ]; then
       fail=1
@@ -308,7 +308,7 @@ fi
 
 # 3.19
 check_3_19="3.19 - Verify that TLS CA certificate file ownership is set to root:root"
-tlscacert=`ps -ef | grep docker | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlscacert="$(ps -ef | grep docker | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlscacert" ]; then
   ls -ld "$tlscacert" | awk '{print $3, $4}' | grep "root root" >/dev/null 2>&1
   if [ $? -eq 0 ]; then
@@ -324,9 +324,9 @@ fi
 
 # 3.20
 check_3_20="3.20 - Verify that TLS CA certificate file permissions are set to 444"
-tlscacert=`ps -ef | grep docker | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlscacert="$(ps -ef | grep docker | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlscacert" ]; then
-  perms=`ls -ld "$tlscacert" | awk '{print $1}'`
+  perms="$(ls -ld "$tlscacert" | awk '{print $1}')"
   if [ "$perms" = "-rw-r--r--" ]; then
     pass "$check_3_20"
   else
@@ -340,7 +340,7 @@ fi
 
 # 3.21
 check_3_21="3.21 - Verify that Docker server certificate file ownership is set to root:root"
-tlscert=`ps -ef | grep docker | sed -n 's/.*tlscert=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlscert="$(ps -ef | grep docker | sed -n 's/.*tlscert=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlscert" ]; then
   ls -ld "$tlscert" | awk '{print $3, $4}' | grep "root root" >/dev/null 2>&1
   if [ $? -eq 0 ]; then
@@ -356,9 +356,9 @@ fi
 
 # 3.22
 check_3_22="3.22 - Verify that Docker server certificate file permissions are set to 444"
-tlscacert=`ps -ef | grep docker | sed -n 's/.*tlscert=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlscacert="$(ps -ef | grep docker | sed -n 's/.*tlscert=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlscert" ]; then
-  perms=`ls -ld "$tlscert" | awk '{print $1}'`
+  perms="$(ls -ld "$tlscert" | awk '{print $1}')"
   if [ "$perms" = "-rw-r--r--" ]; then
     pass "$check_3_22"
   else
@@ -372,7 +372,7 @@ fi
 
 # 3.23
 check_3_23="3.23 - Verify that Docker server key file ownership is set to root:root"
-tlskey=`ps -ef | grep docker | sed -n 's/.*tlskey=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlskey="$(ps -ef | grep docker | sed -n 's/.*tlskey=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlskey" ]; then
   ls -ld "$tlskey" | awk '{print $3, $4}' | grep "root root" >/dev/null 2>&1
   if [ $? -eq 0 ]; then
@@ -388,9 +388,9 @@ fi
 
 # 3.24
 check_3_24="3.24 - Verify that Docker server key file permissions are set to 400"
-tlskey=`ps -ef | grep docker | sed -n 's/.*tlskey=\([^s]\)/\1/p' | cut -d " " -f 1`
+tlskey="$(ps -ef | grep docker | sed -n 's/.*tlskey=\([^s]\)/\1/p' | cut -d " " -f 1)"
 if [ -f "$tlskey" ]; then
-  perms=`ls -ld "$tlskey" | awk '{print $1}'`
+  perms="$(ls -ld "$tlskey" | awk '{print $1}')"
   if [ "$perms" = "-r--------" ]; then
     pass "$check_3_24"
   else
@@ -422,7 +422,7 @@ fi
 check_3_26="3.26 - Verify that Docker socket file permissions are set to 660"
 file="/var/run/docker.sock"
 if [ -f "$file" ]; then
-  perms=`ls -ld "$file" | awk '{print $1}'`
+  perms="$(ls -ld "$file" | awk '{print $1}')"
   if [ "$perms" = "srw-rw----" ]; then
     pass "$check_3_26"
   else
diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh
index eb50c7a..3597620 100644
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@@ -17,7 +17,7 @@ else
   set -f; IFS=$'
 '
   for c in $containers; do
-    user=`docker inspect --format 'User={{.Config.User}}' $c`
+    user="$(docker inspect --format 'User={{.Config.User}}' $c)"
 
     if [ "$user" = "User=" -o "$user" = "User=[]" -o "$user" = "User=<no value>" ]; then
       # If it's the first container, fail the test
diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh
index 3cd9495..12a511c 100644
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@@ -15,7 +15,7 @@ else
 
   fail=0
   for c in $containers; do
-    policy=`docker inspect --format 'AppArmorProfile={{ .AppArmorProfile }}' $c`
+    policy="$(docker inspect --format 'AppArmorProfile={{ .AppArmorProfile }}' $c)"
 
     if [ "$policy" = "AppArmorProfile=" -o "$policy" = "AppArmorProfile=[]" -o "$policy" = "AppArmorProfile=<no value>" ]; then
       # If it's the first container, fail the test
@@ -38,7 +38,7 @@ else
 
   fail=0
   for c in $containers; do
-    policy=`docker inspect --format 'SecurityOpt={{ .HostConfig.SecurityOpt }}' $c`
+    policy="$(docker inspect --format 'SecurityOpt={{ .HostConfig.SecurityOpt }}' $c)"
 
     if [ "$policy" = "SecurityOpt=" -o "$policy" = "SecurityOpt=[]" -o "$policy" = "SecurityOpt=<no value>" ]; then
       # If it's the first container, fail the test
@@ -61,7 +61,7 @@ else
 
   fail=0
   for c in $containers; do
-    processes=`docker exec $c ps -el 2>/dev/null | wc -l | awk '{print $1}'`
+    processes="$(docker exec $c ps -el 2>/dev/null | wc -l | awk '{print $1}')"
     if [ $processes -gt 5 ]; then
       # If it's the first container, fail the test
       if [ $fail -eq 0 ]; then
@@ -83,7 +83,7 @@ else
 
   fail=0
   for c in $containers; do
-    caps=`docker inspect --format 'CapAdd={{ .HostConfig.CapAdd}}' $c`
+    caps="$(docker inspect --format 'CapAdd={{ .HostConfig.CapAdd}}' $c)"
 
     if [ "$caps" != "CapAdd=" -a "$caps" != "CapAdd=[]" -a "$caps" != "CapAdd=<no value>" ]; then
       # If it's the first container, fail the test
@@ -106,7 +106,7 @@ else
 
   fail=0
   for c in $containers; do
-    privileged=`docker inspect --format '{{ .HostConfig.Privileged }}' $c`
+    privileged="$(docker inspect --format '{{ .HostConfig.Privileged }}' $c)"
 
     if [ "$privileged" = "true" ]; then
       # If it's the first container, fail the test
@@ -138,7 +138,7 @@ else
 /usr'
   fail=0
   for c in $containers; do
-    volumes=`docker inspect --format '{{ .VolumesRW }}' $c`
+    volumes="$(docker inspect --format '{{ .VolumesRW }}' $c)"
     # Go over each directory in sensitive dir and see if they exist in the volumes
     for v in $sensitive_dirs; do
       sensitive=0
@@ -165,7 +165,7 @@ else
 
   fail=0
   for c in $containers; do
-    processes=`docker exec $c ps -el 2>/dev/null | grep sshd | wc -l | awk '{print $1}'`
+    processes="$(docker exec $c ps -el 2>/dev/null | grep sshd | wc -l | awk '{print $1}')"
 
     if [ $processes -gt 1 ]; then
       # If it's the first container, fail the test
@@ -188,7 +188,7 @@ else
 
   fail=0
   for c in $containers; do
-    port=`docker port $c | awk '{print $1}' | cut -d '/' -f1`
+    port="$(docker port $c | awk '{print $1}' | cut -d '/' -f1)"
 
     if [ ! -z "$port" ] && [ "$port" -lt 1025 ]; then
       # If it's the first container, fail the test
@@ -211,7 +211,7 @@ else
 
   fail=0
   for c in $containers; do
-    mode=`docker inspect --format 'NetworkMode={{ .HostConfig.NetworkMode }}' $c`
+    mode="$(docker inspect --format 'NetworkMode={{ .HostConfig.NetworkMode }}' $c)"
 
     if [ "$mode" = "NetworkMode=host" ]; then
       # If it's the first container, fail the test
@@ -234,7 +234,7 @@ else
 
   fail=0
   for c in $containers; do
-    memory=`docker inspect --format '{{ .Config.Memory }}' $c`
+    memory="$(docker inspect --format '{{ .Config.Memory }}' $c)"
 
     if [ $memory = "0" ]; then
       # If it's the first container, fail the test
@@ -257,7 +257,7 @@ else
 
   fail=0
   for c in $containers; do
-    shares=`docker inspect --format '{{ .Config.CpuShares }}' $c`
+    shares="$(docker inspect --format '{{ .Config.CpuShares }}' $c)"
 
     if [ "$shares" = "0" ]; then
       # If it's the first container, fail the test
@@ -280,7 +280,7 @@ else
 
   fail=0
   for c in $containers; do
-   read_status=`docker inspect --format '{{ .HostConfig.ReadonlyRootfs }}' $c`
+   read_status="$(docker inspect --format '{{ .HostConfig.ReadonlyRootfs }}' $c)"
 
     if [ "$read_status" = "false" ]; then
       # If it's the first container, fail the test
@@ -303,7 +303,7 @@ else
 
   fail=0
   for c in $containers; do
-    ip=`docker port $c | awk '{print $3}' | cut -d ':' -f1`
+    ip="$(docker port $c | awk '{print $3}' | cut -d ':' -f1)"
     if [ "$ip" = "0.0.0.0" ]; then
       # If it's the first container, fail the test
       if [ $fail -eq 0 ]; then
@@ -325,7 +325,7 @@ else
 
   fail=0
   for c in $containers; do
-    policy=`docker inspect --format 'RestartPolicyName={{ .HostConfig.RestartPolicy.Name }}' $c`
+    policy="$(docker inspect --format 'RestartPolicyName={{ .HostConfig.RestartPolicy.Name }}' $c)"
 
     if [ "$policy" = "RestartPolicyName=always" ]; then
       # If it's the first container, fail the test
@@ -348,7 +348,7 @@ else
 
   fail=0
   for c in $containers; do
-    mode=`docker inspect --format 'PidMode={{.HostConfig.PidMode }}' $c`
+    mode="$(docker inspect --format 'PidMode={{.HostConfig.PidMode }}' $c)"
 
     if [ "$mode" = "PidMode=host" ]; then
       # If it's the first container, fail the test
@@ -371,7 +371,7 @@ else
 
   fail=0
   for c in $containers; do
-    mode=`docker inspect --format 'IpcMode={{.HostConfig.IpcMode }}' $c`
+    mode="$(docker inspect --format 'IpcMode={{.HostConfig.IpcMode }}' $c)"
 
     if [ "$mode" = "IpcMode=host" ]; then
       # If it's the first container, fail the test
@@ -394,7 +394,7 @@ else
 
   fail=0
   for c in $containers; do
-    devices=`docker inspect --format 'Devices={{ .HostConfig.Devices }}' $c`
+    devices="$(docker inspect --format 'Devices={{ .HostConfig.Devices }}' $c)"
 
     if [ "$devices" != "Devices=" -a "$devices" != "Devices=[]" -a "$devices" != "Devices=<no value>" ]; then
       # If it's the first container, fail the test
@@ -418,7 +418,7 @@ else
   # List all the running containers, ouput their ID and host devices
   fail=0
   for c in $containers; do
-    ulimits=`docker inspect --format 'Ulimits={{ .HostConfig.Ulimits }}' $c`
+    ulimits="$(docker inspect --format 'Ulimits={{ .HostConfig.Ulimits }}' $c)"
 
     if [ "$ulimits" = "Ulimits=" -o "$ulimits" = "Ulimits=[]" -o "$ulimits" = "Ulimits=<no value>" ]; then
       # If it's the first container, fail the test
diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh
index 8c300ce..ae6edef 100644
--- a/tests/6_docker_security_operations.sh
+++ b/tests/6_docker_security_operations.sh
@@ -15,7 +15,7 @@ else
   set -f; IFS=$'
 '
   for c in $containers; do
-    volumes=`docker inspect --format '{{ .Volumes }}' $c`
+    volumes="$(docker inspect --format '{{ .Volumes }}' $c)"
 
     if [ "$volumes" = "map[]" ]; then
       # If it's the first container, fail the test
@@ -36,7 +36,7 @@ set +f; unset IFS
 
 # 6.6
 check_6_6="6.6 - Avoid image sprawl"
-images=`docker images | wc -l | awk '{print $1}'`
+images="$(docker images | wc -l | awk '{print $1}')"
 if [ $images -gt 100 ]; then
   warn "$check_6_6"
   warn "     * There are currently: $images images"
@@ -47,9 +47,9 @@ fi
 
 # 6.7
 check_6_7="6.7 - Avoid container sprawl"
-total_containers=`docker info 2>/dev/null | grep "Containers" | awk '{print $2}'`
-running_containers=`docker ps -q | wc -l | awk '{print $1}'`
-diff=`expr "$total_containers" - "$running_containers"`
+total_containers="$(docker info 2>/dev/null | grep "Containers" | awk '{print $2}')"
+running_containers="$(docker ps -q | wc -l | awk '{print $1}')"
+diff="$(expr "$total_containers" - "$running_containers")"
 if [ $diff -gt 25 ]; then
   warn "$check_6_7"
   warn "     * There are currently a total of $total_containers containers, with only $running_containers of them currently running"