Engineering Trust

Business, Entrepreneurship. 2 episodes
Engineering Trust explores how modern software systems earn and maintain trust through security, compliance, architecture, and intentional design. In each episode, we speak with engineering leaders, security executives, founders, and regulators about building trustworthy systems at scale. We go beyond theory to unpack real-world decisions around secure development, compliance-by-design, software supply chain risk, and operational resilience. This podcast is for CTOs, CISOs, VP Engineering, product security teams, and technical leaders navigating increasing regulatory pressure, complex architectures, and rising expectations for transparency. If trust is something your systems must prove, not promise, then this show is for you.
All Episodes

#2 Exodos Labs Engineering Trust Podcast - SBOM Demystified or Why Software needs an Ingredients Label

12 min 41 sec
In this episode of the Exodos Labs Engineering Trust Podcast, we break down SBOMs in plain language: what an SBOM is (a “software ingredients list”), why it suddenly matters for security and compliance, and what “good SBOM hygiene” looks like in practice. You’ll hear real-world context (including why Log4j is still haunting organizations years later), how SBOMs fit into the software lifecycle, and why “generating an SBOM” is the easy part—while requesting, receiving, tracking, validating, and sharing SBOMs at scale is where most teams struggle.

In this episode, we cover:

- SBOM 101: what it is (and what it isn’t), using the ingredients-list analogy
- Why this is a supply chain problem (open-source dependency reality plus downstream risk)
- The two dominant formats: SPDX and CycloneDX—and what differs in practice
- How SBOM generation works with common tools (and why CI/CD automation is key to staying up to date)
- SBOM “quality gates” and minimum requirements (e.g., NTIA / industry baselines)
- Why SBOM exchange today is “all over the place” (emails, portals, shared drives) and how to make it auditable
- A look ahead: XBOMs (e.g., cryptography BOM), and geo-risk / provenance signals via maintainer and contributor context

If you’re a CISO, AppSec, DevOps, or product security leader trying to operationalize SBOMs beyond checkbox compliance, this one is for you.
#1 Exodos Labs Engineering Trust Podcast - EU CRA Deep Dive

14 min 4 sec
The Exodos Labs team breaks down the EU Cyber Resilience Act (CRA) into a practical readiness playbook for software vendors—no legalese, just the actions you need to take now to be ready before 2027.

In this episode, we cover:

- The CRA timeline and the two key milestones (reporting starts in 2026; full requirements hit in 2027)
- What the CRA actually expects: security-by-design/default, vulnerability handling, supply chain control, and user-facing documentation
- Product risk classes (Standard vs. “Important” Class I vs. “Critical” Class II) and what that means for conformity assessment
- SBOMs as operational evidence: CI/CD generation, quality gates, versioning, and controlled access (not “publish everything”)
- A realistic 90-day blueprint to get your first CRA-ready skeleton in place

If you’re a product security, engineering, or compliance lead shipping into the EU, this is your “start here” checklist.