Aflevering 121: SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown

Jan Stomphorst
Ronald Kers
Luister naar deze aflevering op jouw favoriete platform!
Apple Podcast Icon - Radio Webflow TemplateSpotify Icon- Radio Webflow TemplateGoogle Podcast Icon - Radio Webflow TemplateAnchor Icon - Radio Webflow TemplateSoundCloud Icon - Radio Webflow Template
Aflevering 121: SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown
December 2, 2025
31
 MIN

Aflevering 121: SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown

Soroosh takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise

Samenvatting

In this episode of The Dutch Kubernetes Podcast, Ronald and Jan sit down with Soroosh Khodami to explore one of the most urgent questions in modern software engineering: are we truly ready for the next Log4Shell-level cyber crisis?

Soroosh, a hands-on solution architect currently supporting security platform services at Rabobank, takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise — especially in cloud-native and Kubernetes environments.

The conversation covers:

  • How a simple SQL injection can escalate into full Kubernetes root access, thanks to lateral movement and unpatched dependencies
  • What supply-chain attacks really are, and why they’re becoming the attackers' favorite weapon
  • Low-effort, high-impact practices to secure your CI/CD pipeline
  • Shift-Left Security & DevSecOps — what’s hype, what’s real, and how teams need to evolve
  • Why SBOMs are becoming mandatory, and how they help organizations prepare for future zero-days
  • Essential tooling for SBOM generation, scanning and continuous monitoring
  • How new EU regulations (DORA & CRA) will impact developers, architects and enterprises in the coming years

Soroosh also shares practical stories from the field, including real-world examples of dependency attacks, insecure pipelines, and security mistakes that happen even in mature organizations.

This episode is a must-listen for developers, architects, platform engineers, and anyone building or deploying software in 2025 and beyond.

Stuur ons een bericht.

ACC ICT Specialist in IT-CONTINUÏTEIT
Bedrijfskritische applicaties én data veilig beschikbaar, onafhankelijk van derden, altijd en overal

Support the show

Like and subscribe! It helps out a lot.

You can also find us on:
De Nederlandse Kubernetes Podcast - YouTube
Nederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTok
De Nederlandse Kubernetes Podcast

Where can you meet us:
Events

Laatste afleveringen

Aflevering 126: From 135 ms to 6 ms: The Multi-Cloud Networking Mistake Everyone Makes
January 13, 2026
25
 MIN

Aflevering 126: From 135 ms to 6 ms: The Multi-Cloud Networking Mistake Everyone Makes

Aflevering 125 Why Kubernetes Belongs on Raspberry Pi’s, PLCs, and the Edge
January 6, 2026
27
 MIN

Aflevering 125 Why Kubernetes Belongs on Raspberry Pi’s, PLCs, and the Edge

Aflevering 124 Van Image Max Age tot DRA: de praktische kant van Kubernetes 1.35
December 23, 2025
34
 MIN

Aflevering 124 Van Image Max Age tot DRA: de praktische kant van Kubernetes 1.35

Alle afleveringen