Engineering Blog
Technical writing from the Primod team — eBPF internals, CVE prioritization methodology, and runtime security architecture.
February 18, 2026
We instrumented 14 production clusters across three cloud providers to measure the real CPU and memory cost of eBPF-based runtime telemetry. Here is what we found — and where the numbers get interesting.
Senior Platform Engineer
SBOMs tell you which components are present. VEX tells you whether a supplier says a product is affected. Neither can prove whether a vulnerable path executed in your cluster, which is why platform teams should separate supply-chain assertions from runtime evidence.
March 18, 2026
Pod Security Admission, CEL policies, and admission webhooks can reject unsafe manifests before they land in etcd. They still do not tell you what a workload executed after startup, which is why platform teams should separate preventive policy from runtime evidence.
March 11, 2026
A CVE with a 9.8 score that never executes in your environment is less dangerous than a 5.3 that runs on every request. We built a scoring model around this idea.
February 11, 2026
Traditional incident scope relies on logs, alerts, and educated guesses. Execution graphs change that. We walk through a real incident timeline and show the difference.
February 4, 2026
Knowing a vulnerability is reachable is step one. Knowing which downstream services it can propagate to is what turns a finding into a prioritized action.
January 28, 2026
Two fundamentally different approaches to runtime visibility. One lives in the kernel, one lives next to your container. We compare latency, fidelity, and operational cost.
January 21, 2026
Audit season should not mean two weeks of manual log exports. Here is how runtime execution data maps to SOC2 CC6 controls and what auditors actually ask for.
January 14, 2026
Stay Current
