Binary Provenance and SBOM Verification in Practice episode artwork

EPISODE · Jun 16, 2026 · 8 MIN

Binary Provenance and SBOM Verification in Practice

from SEC.co Podcast · host Eric Lamanna

Modern software delivery moves fast — but speed and trust don't always travel together. This episode of Cybersecurity tackles one of supply chain security's most pressing questions: once a binary lands in your environment, how do you actually know it is what it claims to be? Drawing on this in-depth 10-minute read on binary provenance and SBOM verification, the episode translates concepts that too often live in compliance documents into concrete engineering habits teams can wire into their pipelines today.Here's what the episode covers:What provenance really means: Structured, tamper-evident records — think of them as an artifact's passport — capturing who built a binary, from which source revision, with which toolchain, and under what conditions.Why cryptographic signatures are non-negotiable: Provenance is only useful if it cannot be quietly rewritten; signing attestations and anchoring them to a transparency log makes secret tampering implausible.SBOMs demystified: A Software Bill of Materials is simply a component inventory — names, versions, hashes, licenses — in formats like SPDX or CycloneDX. The episode explains why generating one once and filing it away is worse than useless, and why transitive dependencies are where real risk hides.Verification in practice: How to tie developer identity, builder keypairs, artifact hashes, and SBOM entries into a coherent, automatable check that gates promotion through environments.Common pitfalls: Hash drift from non-deterministic builds, ghost dependencies that never appear in lockfiles, and proprietary blobs that resist hashing — plus practical mitigations for each.Culture and metrics that stick: Making verification a gate rather than a suggestion, giving developers fast and specific feedback, and tracking lead indicators like deterministic rebuild rates and exception age instead of vanity metrics.The episode closes with a look at where the field is heading — builders producing provenance by default, registries storing attestations as first-class objects, and runtime attestation closing the loop from commit all the way to execution. For more from the show, check out the episode Bare-Metal Backdoors: Detecting Persistent Firmware-Level Implants, which explores another layer of the infrastructure trust problem.SEC

Episode metadata supplied by the publisher feed · Published Jun 16, 2026

Can you truly trust every binary running in your environment? This episode breaks down binary provenance and SBOM verification from theory into practical, pipeline-ready habits that replace assumption with cryptographic evidence.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Binary Provenance and SBOM Verification in Practice

0:00 8:30

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of SEC.co Podcast?

This episode is 8 minutes long.

When was this SEC.co Podcast episode published?

This episode was published on June 16, 2026.

What is this episode about?

Modern software delivery moves fast — but speed and trust don't always travel together. This episode of Cybersecurity tackles one of supply chain security's most pressing questions: once a binary lands in your environment, how do you actually know...

Can I download this SEC.co Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!