ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Supply Chain Warfare: CI/CD Threats and Open Source Security with François Proulx"
Episode Synopsis
Supply Chain Warfare: CI/CD Threats and Open Source Security with François ProulxIn this episode of the Security Repo Podcast, François Proulx, VP of Security Research at Boost Security, discusses the evolving threats in software supply chain security, particularly focusing on attacks targeting CI/CD pipelines. He explains how open source tools like "Poutine" are being used both defensively and offensively in the ongoing battle to secure build systems. François also shares his journey into security, lessons from working at Intel, and practical advice on dependency pinning, short-lived credentials, and password best practices.https://www.linkedin.com/in/francoisp/https://boostsecurity.io/blog/unveiling-poutine-an-open-source-build-pipelines-security-scanner[https://nsec.io /](https://nsec.io/)François is VP of Security Research at BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.
More episodes of the podcast The Security Repo
Scaling Open Source Observability and Managing Risk in the Software Supply Chain – Avi Press
10/12/2025
Why Technical CISOs Matter and How AI Is Shaping Security Ops - David Cross on Leading Security
26/11/2025
From Military Intel to CISO: Navigating Security Leadership in the Age of AI – Darren Desmond
12/11/2025
Mapping the InfoSec Community: Building InfoSecMap & Global Security Events – Martín Villalba
05/11/2025
In God we trust