On September 8 the world saw the npm supply chain attack. Fortunately the community reacted in record time to avert a disaster.
In todays episode we have Constanze Roedig, Key Researcher at SBA Research, who introduces us to the new buddy of SBoM (Software Bill of Materials): SBoB (Software Bill of Behaviors) and her thoughts on how that new approach to fingerprinting software can help cyber security teams.
What's a BoB? It's a detailed runtime behavior profile of software. It expands on the static validation option through SBOMs as it allows security teams to validate the correct execution behavior of deployed software at deploy time or continuously in production. Thanks to eBPF, a malicious behavior such as opening non expected ports or accessing non expected files can therefore be detected.
Listen to Constanze who shares the work she and Vadim Bauer, Owner of 8gear, have done on this topic. You will learn about how software vendors can create their own SBOBs, ship them with their container images and how security teams can get alerted or enforce any detected malicious behavior. Make sure to check out their GitHub repo, star it if you like it and try their hands-on tutorial!
Links:
Constanze LinkedIn:
https://www.linkedin.com/in/croedig/Vadim LinkedIn:
https://www.linkedin.com/in/vadim-bauer/O
BobCtl GitHub Repo:
https://github.com/k8sstormcenter/bobctlCloud Native Summit Munich Talk:
https://www.youtube.com/watch?v=XETuwndd_mw&index=11&pp=iAQBnpm supply chain attack:
https://www.infosecurity-magazine.com/news/npm-supply-chain-attack-averted/