Hello BOB - Cloud Native Cybersecurity with Bill of Behaviors with Constanze Roedig

On September 8 the world saw the npm supply chain attack. Fortunately the community reacted in record time to avert a disaster. In todays episode we have Constanze Roedig, Key Researcher at SBA Research, who introduces us to the new buddy of SBoM (Software Bill of Materials): SBoB (Software Bill of Behaviors) and her thoughts on how that new approach to fingerprinting software can help cyber security teams. What's a BoB? It's a detailed runtime behavior profile of software. It expands on the static validation option through SBOMs as it allows security teams to validate the correct execution behavior of deployed software at deploy time or continuously in production. Thanks to eBPF, a malicious behavior such as opening non expected ports or accessing non expected files can therefore be detected. Listen to Constanze who shares the work she and Vadim Bauer, Owner of 8gear, have done on this topic. You will learn about how software vendors can create their own SBOBs, ship them with their container images and how security teams can get alerted or enforce any detected malicious behavior. Make sure to check out their GitHub repo, star it if you like it and try their hands-on tutorial! Links: Constanze LinkedIn: Vadim LinkedIn: O BobCtl GitHub Repo: Cloud Native Summit Munich Talk: npm supply chain attack:

You can listen to Hello BOB - Cloud Native Cybersecurity with Bill of Behaviors with Constanze Roedig online on Radio and Podcast. Open the player on this page to stream the available audio.

Hello BOB - Cloud Native Cybersecurity with Bill of Behaviors with Constanze Roedig is an episode from PurePerformance by PurePerformance.

This episode is 27:05 long.

This episode was published on Sep 29, 2025.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from PurePerformance when more episodes are available from the podcast feed.