Content provided by Viktor Petersson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Viktor Petersson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Inside the Yocto Project's Evolving Tooling: SBOMs, SPDX 3.0, and Secure Embedded Systems

50:37
Manage episode 481166058 series 3621860
In this episode of Nerding Out with Viktor, host Viktor Petersson speaks with Joshua Watt of Garmin and Ross Burton of ARM about how the Yocto Project is evolving to meet the growing demands of software supply chain security, embedded Linux customization, and long-term product maintenance.

As two long-time contributors to Yocto and OpenEmbedded, Joshua and Ross share hard-earned insights on how build-time Software Bills of Materials (SBOMs) offer better accuracy and compliance benefits than traditional post-build analysis. They dig into how the integration of SPDX 3.0 in Yocto enables better license tracking, reproducibility, and component transparency: critical features for developers building connected products in regulated industries such as industrial IoT, telecom, and automotive.

The conversation also covers how VEX metadata can be used to prioritize vulnerabilities in real-world environments, and why reproducible builds using BitBake's hashserver infrastructure are becoming a cornerstone of secure firmware development. As global regulatory frameworks like the EU Cyber Resilience Act (CRA) push for stricter transparency and vulnerability management, the Yocto Project's native SBOM tooling is helping teams future-proof their embedded Linux stacks.

Joshua and Ross also discuss the challenges of managing multi-layer board support packages (BSPs), handling closed-source components responsibly, and navigating SBOM creation across vendors in complex system builds. This episode is a must-listen for embedded engineers, firmware architects, and product teams who want to build secure, scalable Linux-based devices while staying ahead of compliance and lifecycle management needs.