

Hello BOB - Cloud Native Cybersecurity with Bill of Behaviors with Constanze Roedig
Sep 29, 2025
Constanze Roedig, a key researcher at SBA Research, dives into the innovative concept of the Software Bill of Behaviors (SBoB). This approach provides a dynamic runtime behavior profile of software, enhancing cybersecurity practices. She explains the critical differences between static SBOMs and dynamic SBoBs, emphasizing the importance of real-time monitoring for detecting malicious behavior. Constanze also discusses how vendors can create their own SBoBs for better trust and security, while advocating for community engagement to strengthen this emerging framework.
Runtime Behavior Matters
- SBOMs list ingredients but miss runtime behavior, which is where breaches occur.
- A Software Bill of Behaviors (SBoB) fingerprints execution to detect deviations in production.
NPM Compromise Example
- Constanze referenced the September 8 npm compromise as an example where runtime fingerprints would have alerted quickly.
- She argued that behavior deviations would have produced immediate alerts during that short compromise window.
Validate Network Endpoints
- Verify vendor telemetry endpoints and network behavior against provided profiles to detect DNS or endpoint tampering.
- Use SBoBs to confirm that telemetry targets and network calls match vendor-declared destinations.
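As an added illustration of the two ideas above (fingerprinting runtime behavior and checking network calls against vendor-declared destinations), the following Python script compares observed runtime events with a declared behavior profile and reports every deviation. This is example code written for this page, not code from SBA Research, the podcast, or any SBoB tooling; the profile format, the event format, the hostnames and the IP ranges are all constructed for illustration.

```python
"""Compare observed runtime behaviour against a vendor-declared profile.

Added example, not code from SBA Research or the podcast. The profile layout,
the event layout and every sample value below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed vendor-declared behaviour profile (hypothetical SBoB-style format):
# which hostnames the component may contact, on which ports, resolving to which
# address ranges, and which binaries it may execute.
PROFILE = {
    "component": "example-agent",
    "network": {
        "telemetry.example.com": {"ports": [443], "addrs": ["203.0.113.0/24"]},
        "updates.example.com": {"ports": [443], "addrs": ["198.51.100.0/24"]},
    },
    "processes": ["/usr/bin/example-agent"],
}

# Constructed observed runtime events, as a runtime sensor might emit them.
EVENTS = [
    {"type": "dns", "name": "telemetry.example.com", "answer": "203.0.113.10"},
    {"type": "connect", "name": "telemetry.example.com", "addr": "203.0.113.10", "port": 443},
    {"type": "dns", "name": "updates.example.com", "answer": "192.0.2.77"},   # answer outside declared range
    {"type": "connect", "name": "updates.example.com", "addr": "192.0.2.77", "port": 443},
    {"type": "connect", "name": None, "addr": "192.0.2.5", "port": 8443},     # destination never declared
    {"type": "exec", "path": "/usr/bin/example-agent"},
    {"type": "exec", "path": "/bin/sh"},                                      # child process never declared
]


@dataclass
class Deviation:
    kind: str
    detail: str


def _addr_declared(addr, ranges):
    """True if addr falls inside any of the declared CIDR ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(r) for r in ranges)


def check_events(profile, events):
    """Return one Deviation per event that falls outside the declared profile."""
    net = profile["network"]
    procs = set(profile["processes"])
    out = []
    for ev in events:
        if ev["type"] == "dns":
            decl = net.get(ev["name"])
            if decl is None:
                out.append(Deviation("undeclared-dns", f"lookup of {ev['name']}"))
            elif not _addr_declared(ev["answer"], decl["addrs"]):
                # Name is declared, but it resolved somewhere the vendor did not declare:
                # the DNS/endpoint tampering case from the notes.
                out.append(Deviation("dns-answer-mismatch", f"{ev['name']} -> {ev['answer']}"))
        elif ev["type"] == "connect":
            decl = net.get(ev["name"]) if ev.get("name") else None
            if decl is None:
                out.append(Deviation("undeclared-destination", f"{ev['addr']}:{ev['port']}"))
            elif ev["port"] not in decl["ports"] or not _addr_declared(ev["addr"], decl["addrs"]):
                out.append(Deviation("destination-mismatch",
                                     f"{ev['name']} -> {ev['addr']}:{ev['port']}"))
        elif ev["type"] == "exec":
            if ev["path"] not in procs:
                out.append(Deviation("undeclared-process", ev["path"]))
    return out


def summarize(deviations):
    """Count deviations by kind, useful as an alerting summary."""
    counts = {}
    for d in deviations:
        counts[d.kind] = counts.get(d.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for d in check_events(PROFILE, EVENTS):
        print(f"{d.kind}: {d.detail}")
```

Run against the constructed events, the script reports four deviations: a declared hostname resolving outside its declared range, the connection that follows that bad answer, a connection to an address the profile never mentions, and an undeclared child process. A real deployment would feed it events from a runtime sensor and treat any non-empty result as an alert.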