Episode 12: SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown
Author: De Nederlandse Kubernetes Podcast
Uploaded: 2025-12-01
In this episode of The Dutch Kubernetes Podcast, Ronald and Jan sit down with Soroosh Khodami to explore one of the most urgent questions in modern software engineering: are we truly ready for the next Log4Shell-level cyber crisis?
Soroosh, a hands-on solution architect currently supporting security platform services at Rabobank, takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise — especially in cloud-native and Kubernetes environments.
The conversation covers:
How a simple SQL injection can escalate into full Kubernetes root access, thanks to lateral movement and unpatched dependencies
What supply-chain attacks really are, and why they’re becoming the attackers' favorite weapon
Low-effort, high-impact practices to secure your CI/CD pipeline
Shift-Left Security & DevSecOps — what’s hype, what’s real, and how teams need to evolve
Why SBOMs are becoming mandatory, and how they help organizations prepare for future zero-days
Essential tooling for SBOM generation, scanning and continuous monitoring
How the new EU regulations DORA (Digital Operational Resilience Act) and CRA (Cyber Resilience Act) will affect developers, architects and enterprises in the coming years
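The "prepare for future zero-days" point above is concrete enough to show in code. The following is an added example written for this page (not code from the podcast, its guest, Rabobank or any SBOM tool): given a CycloneDX SBOM, it answers whether any component, including ones nested inside other components, falls in the version range an advisory names. The SBOM document and the version bounds are constructed for illustration; `affected_components`, `version_lt` and `purl_coordinates` are names chosen here.

```python
"""Answer "are we exposed?" from a CycloneDX SBOM when a new vulnerability drops.

Added example for this page; not code from the podcast or any vendor. The SBOM
below is a constructed CycloneDX 1.5 document, trimmed to the fields this check
reads. A real one comes from a generator such as syft or cyclonedx-maven.
"""
import json
import re

SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "application", "name": "payments-api", "version": "3.2.0"}},
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1?type=jar"},
        {"type": "library", "name": "log4j-api", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1?type=jar"},
        {"type": "library", "name": "some-shaded-lib", "version": "1.0.0",
         "purl": "pkg:maven/com.example/some-shaded-lib@1.0.0",
         # Nested component (constructed): a copy bundled inside another jar.
         # A scan that only walks the top-level list would miss it.
         "components": [
             {"type": "library", "name": "log4j-core", "version": "2.3.1",
              "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1"}]},
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    ],
})


def version_key(version: str) -> list:
    """Sortable key: numeric parts compare as ints, pre-release tags sort below a release."""
    parts = re.split(r"[.\-+]", version.strip())
    return [(1, int(p), "") if p.isdigit() else (0, 0, p.lower()) for p in parts]


def version_lt(a: str, b: str) -> bool:
    """True if version a sorts before version b ("2.0-beta9" < "2.0" == "2.0.0" < "2.0.1")."""
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    pad = (1, 0, "")  # missing trailing parts count as ".0"; pre-release parts sort below that
    ka += [pad] * (width - len(ka))
    kb += [pad] * (width - len(kb))
    return ka < kb


def purl_coordinates(purl: str):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into (type/namespace/name, version)."""
    body = purl[len("pkg:"):] if purl.startswith("pkg:") else purl
    body = body.split("?", 1)[0].split("#", 1)[0]
    path, _, version = body.partition("@")
    return path, version


def iter_components(components):
    """Depth-first walk over components and their nested components."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components", []))


def affected_components(sbom_json: str, package: str, first_affected: str, fixed_in: str) -> list:
    """Return purls in the SBOM for `package` (a purl without version) whose
    version lies in the half-open range [first_affected, fixed_in)."""
    target, _ = purl_coordinates(package)
    doc = json.loads(sbom_json)
    hits = []
    for comp in iter_components(doc.get("components", [])):
        purl = comp.get("purl")
        if not purl:
            continue  # no purl, nothing reliable to match on
        path, version = purl_coordinates(purl)
        if path != target or not version:
            continue
        if not version_lt(version, first_affected) and version_lt(version, fixed_in):
            hits.append(purl)
    return hits


if __name__ == "__main__":
    # Illustrative bounds; take the real range from the advisory you are responding to.
    for purl in affected_components(SAMPLE_SBOM, "pkg:maven/org.apache.logging.log4j/log4j-core",
                                    first_affected="2.0-beta9", fixed_in="2.17.0"):
        print("EXPOSED:", purl)
```

The point of the example is the shape of the question, not the range: on the day an advisory lands, the SBOM turns "do we run this library anywhere?" from a grep across repositories into a lookup over an inventory you already hold, and walking nested components catches shaded or vendored copies that a flat package list hides.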
Soroosh also shares practical stories from the field, including real-world examples of dependency attacks, insecure pipelines, and security mistakes that happen even in mature organizations.
This episode is a must-listen for developers, architects, platform engineers, and anyone building or deploying software in 2025 and beyond.
ACC ICT, specialist in IT continuity
Business-critical applications and data securely available, independent of third parties, always and everywhere
Like and subscribe! It helps out a lot.
You can also find us on:
De Nederlandse Kubernetes Podcast - YouTube
Nederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTok
De Nederlandse Kubernetes Podcast
Where can you meet us:
Events
This Podcast is powered by:
ACC ICT - IT continuity for business-critical applications | ACC ICT