Podcasting
Advertisers
Enterprise
Pricing
Resources
Discover Discover

Log in
Sign up free

PurePerformance

Hello BOB - Cloud Native Cybersecurity with Bill of Behaviors with Constanze Roedig

2025-09-29

On September 8 the world saw the npm supply chain attack. Fortunately the community reacted in record time to avert a disaster. In todays episode we have Constanze Roedig, Key Researcher at SBA Research, who introduces us to the new buddy of SBoM (Software Bill of Materials): SBoB (Software Bill of Behaviors) and her thoughts on how that new approach to fingerprinting software can help cyber security teams. What's a BoB? It's a detailed runtime behavior profile of software. It expands on the static v...

On September 8 the world saw the npm supply chain attack. Fortunately the community reacted in record time to avert a disaster.
In todays episode we have Constanze Roedig, Key Researcher at SBA Research, who introduces us to the new buddy of SBoM (Software Bill of Materials): SBoB (Software Bill of Behaviors) and her thoughts on how that new approach to fingerprinting software can help cyber security teams.
What's a BoB? It's a detailed runtime behavior profile of software. It expands on the static validation option through SBOMs as it allows security teams to validate the correct execution behavior of deployed software at deploy time or continuously in production. Thanks to eBPF, a malicious behavior such as opening non expected ports or accessing non expected files can therefore be detected.
Listen to Constanze who shares the work she and Vadim Bauer, Owner of 8gear, have done on this topic. You will learn about how software vendors can create their own SBOBs, ship them with their container images and how security teams can get alerted or enforce any detected malicious behavior. Make sure to check out their GitHub repo, star it if you like it and try their hands-on tutorial!

Links:
Constanze LinkedIn: https://www.linkedin.com/in/croedig/
Vadim LinkedIn: https://www.linkedin.com/in/vadim-bauer/O
BobCtl GitHub Repo: https://github.com/k8sstormcenter/bobctl
Cloud Native Summit Munich Talk: https://www.youtube.com/watch?v=XETuwndd_mw&index=11&pp=iAQB
npm supply chain attack: https://www.infosecurity-magazine.com/news/npm-supply-chain-attack-averted/

View more

Comments (3)

More Episodes

You may also like

MPIR Old Time Radio

Ham Radio Crash Course Podcast

Conversations on the Creek

Elliot in the Morning

The Ultimate Art Bell Podcast Feed

Podbean Amplified

Agatha Christie BBC Dramatisations

Lex Fridman Podcast

The Wheel of Time

Get this podcast on your phone, Free

Create Your Podcast In Minutes

Full-featured podcast site
Unlimited storage and bandwidth
Comprehensive podcast stats
Distribute to Apple Podcasts, Spotify, and more
Make money with your podcast

It is Free

Podcast Services
MONETIZATION & MORE
KNOWLEDGE BASE
Support
Podbean

Privacy Policy
Cookie Policy
Terms of Use
Consent Preferences
Copyright © 2015-2025 Podbean.com