On episode 48 of The Kubelist Podcast, Marc Campbell and Benjie De Groot sit down with Justin Cappos, professor at NYU and a pioneer in software supply chain security. They explore the origins of modern package manager security, the real-world limits of SBOMs, and why systems should be designed assuming compromise. The conversation spans CNCF governance, in-toto, TUF, Git security, and the emerging role of AI in securing software.

The post appeared first on Heavybit.