


Modern software delivery moves fast — but speed and trust don't always travel together. This episode of Cybersecurity tackles one of supply chain security's most pressing questions: once a binary lands in your environment, how do you actually know it is what it claims to be? Drawing on this in-depth 10-minute read on binary provenance and SBOM verification, the episode translates concepts that too often live in compliance documents into concrete engineering habits teams can wire into their pipelines today.
Here's what the episode covers:
The episode closes with a look at where the field is heading — builders producing provenance by default, registries storing attestations as first-class objects, and runtime attestation closing the loop from commit all the way to execution. For more from the show, check out the episode Bare-Metal Backdoors: Detecting Persistent Firmware-Level Implants, which explores another layer of the infrastructure trust problem.
SEC
By Eric Lamanna