Security the Software Supply Chain with Francois Proulx
In this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights on research and AI’s role in security were also touched upon.
DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.
Podden och tillhörande omslagsbild på den här sidan tillhör
Glenn Wilson, and Steve Giguere. Innehållet i podden är skapat av Glenn Wilson, and Steve Giguere och inte av,
eller tillsammans med, Poddtoppen.