
How SBOMs and Engineering Discipline Can Help You Avoid Trivy’s Compromise
From The InfoQ Podcast by InfoQ
April 13, 2026 · 38 min
About this episode
Viktor Peterson discusses the importance of SBOMs in enhancing software supply chain security amidst new regulations.
Viktor Peterson, part of the CISA task force working on SBOM blueprints and co-founder of sbomify, explores the shifting landscape of software supply chain security as the EU's Cyber Resilience Act (CRA) comes into force, a "GDPR moment" for the industry. Beyond mere compliance, Peterson argues that SBOMs provide significant operational value as tools for automated security audits and license management, provided they are generated using ecosystem-specific tools rather than generic scanners. He also points to providing critical security insights into the risks of weaponised code, citing recent incidents where security tools themselves became attack vectors, and emphasises the need for vendor-neutral discovery mechanisms like the Transparency Exchange API (TEA) to secure the software lifecycle. Read a transcript of this interview: https://bit.ly/41eFG34 Subscribe to the Software Architects’ Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies: https://www.infoq.com/software-architects-newsletter Upcoming Events: QCon AI Boston 2026 (June 1-2, 2026) Learn how real teams are accelerating the entire software…
People in this episode
Guest: Viktor Peterson
Topics covered
- software supply chain security
- SBOM
- Cyber Resilience Act
- automated security audits
- license management
- security insights
- vendor-neutral discovery
Keywords
- SBOM
- software supply chain
- security audits
- Cyber Resilience Act
- automated tools
- vendor-neutral
- Transparency Exchange API
Mentioned in this episode
Organizations: CISA, sbomify, EU, Transparency Exchange API, GDPR
More episodes of The InfoQ Podcast
- From MCP and Vibe Coding to Harness Engineering: How Did AI Native Engineering Evolve in One Year · June 8, 2026 · 41 min
- Requirements Analysis for Architects: A Conversation with Sonya Natanzon · June 1, 2026 · 42 min
- Chasing Efficient Java Development: From 1BRC to Developing Hardwood AI Natively · May 25, 2026 · 41 min
- Context is the Key to the Agentic Architecture Revolution: A Conversation with Baruch Sadogursky · May 18, 2026 · 52 min
- From Java EE to Quarkus and LLMs: Adam Bien’s Playbook for Boring, Future‑Proof Systems · May 11, 2026 · 37 min
- Roq: Leveraging Quarkus to Build Static Sites at the Speed of Go · May 4, 2026 · 21 min
Explore listener stats, chart rankings, contacts and more on the The InfoQ Podcast podcast page.