


Supply chain attacks on open source software are surging, and Linux distributions are fighting back with a tool called the software bill of materials, or SBOM. In this episode, Lucas and Luna break down how distros like Fedora and Alpine are adopting SBOMs to provide a transparent, machine-readable list of every dependency in a package. They discuss the real 2024 backdoor in the xz-utils library, planted by a contributor who spent roughly two years earning maintainer trust before the malicious code shipped in a release, and explain how SBOMs could have caught it earlier. The conversation covers the tension between SBOM completeness and developer usability, why container images make the problem harder, and the role of the SPDX and CycloneDX standards in giving SBOMs a common format. If you use Linux on a server, in a container, or on the desktop, your security posture depends on knowing what's actually in your software stack.
#Linux #OpenSource #SBOM #SupplyChainSecurity #SoftwareBillOfMaterials #CycloneDX #SPDX #Fedora #AlpineLinux #xzUtils #ContainerSecurity #DependencyManagement #DevOps #Security #Technology #FexingoBusiness #BusinessPodcast #TechPodcast
Keep every episode free: buymeacoffee.com/fexingo
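As an added example (not code from the podcast, Fedora, Alpine, or any SBOM project), the script below shows the concrete thing an SBOM buys you in a case like xz: it reads either a CycloneDX or an SPDX JSON document, normalizes the component list, strips the distro release suffix from each version, and reports any component matching a watchlist of the backdoored upstream releases 5.6.0 and 5.6.1 (CVE-2024-3094). The two SBOM documents, the package names on the watchlist, and the versions in them are constructed for illustration, not real distro output.

```python
"""Scan CycloneDX or SPDX JSON SBOMs for a known-bad component version.

Added example, not code from the Fexingo podcast or from any distribution's
SBOM tooling. The SBOM documents below are constructed inline.
"""
import json

# xz 5.6.0 and 5.6.1 are the upstream releases that carried the 2024 backdoor
# (CVE-2024-3094). Distros name the package differently (Fedora/Alpine
# "xz-libs", Debian "liblzma5"); the name set here is an assumption an operator
# would tune for their fleet.
XZ_BACKDOOR = {
    "names": {"xz", "xz-utils", "xz-libs", "liblzma", "liblzma5"},
    "versions": {"5.6.0", "5.6.1"},
}


def upstream_version(version: str) -> str:
    """Strip a distro release suffix: '5.6.1-1.fc40' -> '5.6.1', '5.6.1-r0' -> '5.6.1'."""
    return version.split("-", 1)[0]


def components(sbom: dict) -> list[dict]:
    """Normalise CycloneDX or SPDX JSON into [{'name', 'version', 'purl'}, ...]."""
    if sbom.get("bomFormat") == "CycloneDX":
        return [
            {"name": c.get("name", ""), "version": c.get("version", ""), "purl": c.get("purl", "")}
            for c in sbom.get("components", [])
        ]
    if str(sbom.get("spdxVersion", "")).startswith("SPDX-"):
        out = []
        for p in sbom.get("packages", []):
            # SPDX carries the package URL as an external reference, if at all.
            purl = next(
                (r["referenceLocator"] for r in p.get("externalRefs", [])
                 if r.get("referenceType") == "purl"),
                "",
            )
            out.append({"name": p.get("name", ""), "version": p.get("versionInfo", ""), "purl": purl})
        return out
    raise ValueError("not a CycloneDX or SPDX JSON document")


def find_affected(sbom: dict, watch: dict = XZ_BACKDOOR) -> list[tuple[str, str, str]]:
    """Return (name, version, purl) for every component on the watchlist."""
    return [
        (c["name"], c["version"], c["purl"])
        for c in components(sbom)
        if c["name"] in watch["names"] and upstream_version(c["version"]) in watch["versions"]
    ]


# Constructed sample documents (not real distro output).
FEDORA_CDX = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
  "components": [
    {"type": "library", "name": "openssl-libs", "version": "3.2.1-2.fc40",
     "purl": "pkg:rpm/fedora/openssl-libs@3.2.1-2.fc40?arch=x86_64"},
    {"type": "library", "name": "xz-libs", "version": "5.6.1-1.fc40",
     "purl": "pkg:rpm/fedora/xz-libs@5.6.1-1.fc40?arch=x86_64"}
  ]
}""")

ALPINE_SPDX = json.loads("""{
  "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "alpine-image",
  "packages": [
    {"name": "xz-libs", "SPDXID": "SPDXRef-xz-libs", "versionInfo": "5.4.6-r0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:apk/alpine/xz-libs@5.4.6-r0?arch=x86_64"}]},
    {"name": "musl", "SPDXID": "SPDXRef-musl", "versionInfo": "1.2.4_git20230717-r4"}
  ]
}""")

if __name__ == "__main__":
    for label, doc in (("fedora", FEDORA_CDX), ("alpine", ALPINE_SPDX)):
        hits = find_affected(doc)
        print(label, "AFFECTED" if hits else "clean", hits)
```

Note the limit this illustrates: an SBOM records what the distro declares it shipped. It would not have revealed that the xz 5.6.x release tarball differed from the git tree, so a scan like this finds your exposure quickly once a bad version is disclosed; it does not detect the backdoor itself.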
By Fexingo