How Linux Distros Are Securing the Supply Chain with SBOMs

Supply chain attacks on open source software are surging, and Linux distributions are fighting back with a tool called the software bill of materials, or SBOM. In this episode, Lucas and Luna break down how distros like Fedora and Alpine are adopting SBOMs to provide a transparent list of every dependency in a package. They discuss a real attack on the xz-utils library in 2024 that bypassed maintainer scrutiny for years, and explain how SBOMs could have caught it earlier. The conversation covers the tension between SBOM completeness and developer usability, why container images make the problem harder, and the role of tools like SPDX and CycloneDX in standardizing the format. If you use Linux on a server, in a container, or on the desktop, your security posture depends on knowing what's actually in your software stack.

#Linux #OpenSource #SBOM #SupplyChainSecurity #SoftwareBillOfMaterials #CycloneDX #SPDX #Fedora #AlpineLinux #xzUtils #ContainerSecurity #DependencyManagement #DevOps #Security #Technology #FexingoBusiness #BusinessPodcast #TechPodcast

Keep every episode free: buymeacoffee.com/fexingo