In this episode of The Dutch Kubernetes Podcast, Ronald and Jan sit down with Soroosh Khodami to explore one of the most urgent questions in modern software engineering: are we truly ready for the next Log4Shell-level cyber crisis?

Soroosh, a hands-on solution architect currently supporting security platform services at Rabobank, takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise — especially in cloud-native and Kubernetes environments.

The conversation covers:

- How a simple SQL injection can escalate into full Kubernetes root access, thanks to lateral movement and unpatched dependencies
- What supply-chain attacks really are, and why they’re becoming the attackers' favorite weapon
- Low-effort, high-impact practices to secure your CI/CD pipeline
- Shift-Left Security & DevSecOps — what’s hype, what’s real, and how teams need to evolve
- Why SBOMs are becoming mandatory, and how they help organizations prepare for future zero-days
- Essential tooling for SBOM generation, scanning and continuous monitoring
- How new EU regulations (DORA & CRA) will impact developers, architects and enterprises in the coming years

Soroosh also shares practical stories from the field, including real-world examples of dependency attacks, insecure pipelines, and security mistakes that happen even in mature organizations.

This episode is a must-listen for developers, architects, platform engineers, and anyone building or deploying software in 2025 and beyond.

Created by: Ronald Kers and Jan Stomphorst. First episode: 17-12-2022
The podcast De Nederlandse Kubernetes Podcast has 127 episodes in total.

Creator: Ronald Kers and Jan Stomphorst. Date: 25-11-2025

Creator: Ronald Kers and Jan Stomphorst. Date: 09-12-2025