Sign up to save your podcasts
Or
Share How SBOMs and Engineering Discipline Can Help You Avoid Trivy’s Compromise
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How SBOMs and Engineering Discipline Can Help You Avoid Trivy’s Compromise
Viktor Peterson, part of the CISA task force working on SBOM blueprints and co-founder of sbomify, explores the shifting landscape of software supply chain security as the EU's Cyber Resilience Act (CRA) comes into force, a "GDPR moment" for the industry. Beyond mere compliance, Peterson argues that SBOMs provide significant operational value as tools for automated security audits and license management, provided they are generated using ecosystem-specific tools rather than generic scanners. He also points to providing critical security insights into the risks of weaponised code, citing recent incidents where security tools themselves became attack vectors, and emphasises the need for vendor-neutral discovery mechanisms like the Transparency Exchange API (TEA) to secure the software lifecycle.
Read a transcript of this interview: https://bit.ly/41eFG34
Subscribe to the Software Architects’ Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies:
https://www.infoq.com/software-architects-newsletter
Upcoming Events:
QCon AI Boston 2026 (June 1-2, 2026)
Learn how real teams are accelerating the entire software lifecycle with AI.
https://boston.qcon.ai
QCon San Francisco 2026 (November 16-20, 2026)
https://qconsf.com/
The InfoQ Podcasts:
Weekly inspiration to drive innovation and build great teams from senior software leaders. Listen to all our podcasts and read interview transcripts:
- The InfoQ Podcast https://www.infoq.com/podcasts/
- Engineering Culture Podcast by InfoQ https://www.infoq.com/podcasts/#engineering_culture
- Generally AI: https://www.infoq.com/generally-ai-podcast/
Follow InfoQ:
- Mastodon: https://techhub.social/@infoq
- X: https://x.com/InfoQ?from=@
- LinkedIn: https://www.linkedin.com/company/infoq/
- Facebook: https://www.facebook.com/InfoQdotcom#
- Instagram: https://www.instagram.com/infoqdotcom/?hl=en
- Youtube: https://www.youtube.com/infoq
- Bluesky: https://bsky.app/profile/infoq.com
Write for InfoQ: Learn and share the changes and innovations in professional software development.
- Join a community of experts.
- Increase your visibility.
- Grow your career.
https://www.infoq.com/write-for-infoq
View all episodes
By InfoQ
4.8
3737 ratings
Viktor Peterson, part of the CISA task force working on SBOM blueprints and co-founder of sbomify, explores the shifting landscape of software supply chain security as the EU's Cyber Resilience Act (CRA) comes into force, a "GDPR moment" for the industry. Beyond mere compliance, Peterson argues that SBOMs provide significant operational value as tools for automated security audits and license management, provided they are generated using ecosystem-specific tools rather than generic scanners. He also points to providing critical security insights into the risks of weaponised code, citing recent incidents where security tools themselves became attack vectors, and emphasises the need for vendor-neutral discovery mechanisms like the Transparency Exchange API (TEA) to secure the software lifecycle.
Read a transcript of this interview: https://bit.ly/41eFG34
Subscribe to the Software Architects’ Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies:
https://www.infoq.com/software-architects-newsletter
Upcoming Events:
QCon AI Boston 2026 (June 1-2, 2026)
Learn how real teams are accelerating the entire software lifecycle with AI.
https://boston.qcon.ai
QCon San Francisco 2026 (November 16-20, 2026)
https://qconsf.com/
The InfoQ Podcasts:
Weekly inspiration to drive innovation and build great teams from senior software leaders. Listen to all our podcasts and read interview transcripts:
- The InfoQ Podcast https://www.infoq.com/podcasts/
- Engineering Culture Podcast by InfoQ https://www.infoq.com/podcasts/#engineering_culture
- Generally AI: https://www.infoq.com/generally-ai-podcast/
Follow InfoQ:
- Mastodon: https://techhub.social/@infoq
- X: https://x.com/InfoQ?from=@
- LinkedIn: https://www.linkedin.com/company/infoq/
- Facebook: https://www.facebook.com/InfoQdotcom#
- Instagram: https://www.instagram.com/infoqdotcom/?hl=en
- Youtube: https://www.youtube.com/infoq
- Bluesky: https://bsky.app/profile/infoq.com
Write for InfoQ: Learn and share the changes and innovations in professional software development.
- Join a community of experts.
- Increase your visibility.
- Grow your career.
https://www.infoq.com/write-for-infoq
More shows like The InfoQ Podcast
View all
Software Engineering Radio - the podcast for professional software developers
273 Listeners
Hanselminutes with Scott Hanselman
382 Listeners
The Changelog: Software Development, Open Source
288 Listeners
Software Engineering Daily
626 Listeners
Soft Skills Engineering
287 Listeners
Thoughtworks Technology Podcast
44 Listeners
Engineering Culture by InfoQ
12 Listeners
Super Data Science: ML & AI Podcast with Jon Krohn
306 Listeners
Syntax - Tasty Web Development Treats
985 Listeners
CoRecursive: Coding Stories
189 Listeners
Practical AI
212 Listeners
AWS Podcast
204 Listeners
.NET Rocks!
242 Listeners
The Stack Overflow Podcast
63 Listeners
Oxide and Friends
67 Listeners