ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance"
Episode Synopsis
Guest: Sandra Guo, Product Manager in Security, Google Cloud Topics: We have a really interesting problem here: if we make great investments in our use of trusted repositories, and great investments in doing code review on every change, and securing our build systems, and having reproducible builds, how do we know that all of what we did upstream is actually what gets deployed to production? What are the realistic threats that Binary Authorization handles? Are there specific organizations that are more at risk from those? What's the Google inspiration for this work, both development and adoption? How do we make this work in practice at a real organization that is not Google? Where do you see organizations "getting it wrong" and where do you see organizations "getting it right"? We've had a lot of conversations about rolling out zero-trust for enterprise applications, how do those lessons (start small, be visible, plan plan plan) translate into deploying Binauthz into blocking mode? Resources: "Binary Authorization for Borg: how Google verifies code provenance and implements code identity" paper Binary Authorization for deploying trusted images DevOps & SRE at Google
More episodes of the podcast Cloud Security Podcast by Google
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
12/01/2026
EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
15/12/2025
EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
01/12/2025
In God we trust