Open in app
Sign inGet started
Go to the profile of François Proulx
François Proulx

Unveiling ‘poutine’: An Open Source Build Pipelines security scanner

Read more…
Go to the profile of François Proulx
François Proulx

Opening the Pandora’s box — Supply Chain Insider Threats in Open Source projects

Giving repo “Write”…

Read more…
Go to the profile of François Proulx
François Proulx

The tale of a Supply Chain near-miss incident

We disclosed to Chainguard in December 2023 that a…

Read more…
1 response
Go to the profile of François Proulx
François Proulx

Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry

Read more…
Go to the profile of François Proulx
François Proulx

SLSA dip — It’s Build Time!

This article is part of a multi-part series about the security of the…

Read more…
Go to the profile of François Proulx
François Proulx

SLSA dip — At the Source of the problem!

This article is part of a multi-part series about the…

Read more…
1 response
Go to the profile of Zaid Al Hamami
Zaid Al Hamami

What is the Software Supply Chain — and how do I secure it?

In a previous blog article, we described the modern software supply chain. In a nutshell, this is everything from the developer, their laptop, your source code management system, the continuous integration machinery, all the…

Read more…
Go to the profile of Zaid Al Hamami
Zaid Al Hamami

OpenSSL Critical Security Issue

The OpenSSL project has announced that a critical severity vulnerability exists in versions 3.0.x of the…

Read more…
Go to the profile of Zaid Al Hamami
Zaid Al Hamami

Developing software securely…

Cybersecurity is hard. Companies stacked with security talent, and no shortage of cybersecurity budgets get…

Read more…
About boostsecurityLatest StoriesArchiveAbout MediumTermsPrivacyTeams