Why do we keep ignoring CI security with François Proulx

François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obsess over everything on either side of the CI system. François has a bunch of really good practical suggestions for how we can start to improve our CI security today. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-ignoring_ci_security_francois_proulx/

NOW PLAYING

0:00 23:38

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

58 ~ The end of an era, goodbye Held 🧚🏻‍♀️ 🐍 🐎

Feb 18, 2026 ·26m

Episode 5 – AI-AI-Oh…

Jul 24, 2025 ·73m

Episode 4 – Our BSides A-game

Nov 3, 2024 ·52m

Episode 3 – Artificial Red No.3

Sep 26, 2024 ·67m

Episode 2 – On Ground at DEF CON 32

Sep 16, 2024 ·139m

Episode 1 – Naima & Nathan

Aug 14, 2024 ·76m

Similar Podcasts

Technado (Archived) ACI Learning The Technado crew covers a whirlwind of tech topics each week from interviews with industry experts and up-and-coming companies to commentary on topics like security, vendor certifications, networking, and just about anything IT related. Explicit TCAST: The Future of Data & AI TARTLE The Data Intelligence Podcast (TCAST) explores the intersection of AI, data privacy, and ethical technology. Join Alexander McCaig and Jason Rigby as they decode the future of data ownership, artificial intelligence, and digital privacy with industry leaders, researchers, and innovators.Each episode delivers actionable insights on:AI and machine learning developmentsData privacy and ownership strategiesEthical technology implementationReal-world applications of data intelligenceFuture trends in digital identity and data marketplacesPerfect for tech leaders, data scientists, privacy advocates, and forward-thinking professionals looking to understand and shape the future of data and AI.Presented by TARTLE, pioneers in ethical data exchange and AI enhancement. New episodes every week.The show is hosted by Co-Founder and Source Data Pioneer Alexander McCaig and Head of Conscious Marketing Jason Rigby.What's your data worth? Find out at (https://tartle.co/)Watch the podcast on Yo Explicit Techlore Surveillance Report Techlore Techlore Surveillance Report is your weekly deep-dive into the privacy and security news that matters for your digital freedom. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode cuts through the noise to bring you carefully selected stories with the context, analysis, and historical perspective you need to truly understand what's happening to protect yourself (and others!) in the digital space.Topics covered include:• Privacy tool updates and vulnerabilities• Data breaches and cybersecurity incidents• Surveillance technology and government overreach• Big Tech privacy policies and practices• Encryption and security standards• Digital rights legislation and court cases• Open-source software developments• Corporate data practices and accountabilityWhether you're a beginner trying to stay informed or a seasoned expert tracking the ecosystem, Surveillance Report has Explicit BellingChat Bellingcat Join the Bellingcat team as they discuss their latest work for Bellingcat, open source investigation, and their takes on recent news stories. For more information on BellingChat and our investigations please visit www.bellingcat.comTo support our work and to access exclusive content please donate via www.patreon.com/bellingcat Explicit

Frequently Asked Questions

How long is this episode of Open Source Security?

This episode is 23 minutes long.

When was this Open Source Security episode published?

This episode was published on February 10, 2025.

What is this episode about?

Can I download this Open Source Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!