
François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages
The Application Security Podcast
Securing Open Source with Poutine
This chapter covers the Poutine tool for developers who manage open source components, in particular its ability to scan the build pipelines of both public and private repositories for vulnerabilities. It also discusses why threat modeling matters for software supply chains, the limitations of traditional SBOMs, and introduces Messy Poutine, a training program that teaches users how these vulnerabilities are exploited through hands-on exercises.