François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages

François Proulx shares his discovery of security vulnerabilities in build pipelines. Francois has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guidance. Francois has over 10 years of experience in building application security programs, he’s also the founder of the NorthSec conference in Montre...