DSO Overflow

S5Ep1 - Securing the Software Supply Chain with Francois Proulx

Season 5 Episode 1

In this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SLSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights on research and AI’s role in security are also touched upon.

Resources mentioned in this podcast:

DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.

This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro

Your Hosts
Steve Giguere linkedin.com/in/stevegiguere
Glenn Wilson linkedin.com/in/glennwilson
Jessica Cregg linkedin.com/in/jessicacregg