Events | BoostSecurity Labs

## upcoming

Conference

Soon coming to a conference near you...

Living Off The Pipeline: the 3rd act

Spring 2026

Somewhere, Earth

...

Trust us, we'll have something epic to show and tell!

## past

### 2025

PolySécure Dec 4, 2025

Teknik - Don't Go with the Flaw

Garance De La Brosse, François Proulx

PolySécure Nov 11, 2025

Teknik - Split-Second Side Doors: How Bot-Delegated TOCTOU Breaks The CI/CD Threat Model

François Proulx, Alexis-Maurer Fortin, Sébastien Graveline

The Security Repo Oct 29, 2025

Supply Chain Warfare: CI/CD Threats and Open Source Security

François Proulx

LASCON 2025 Oct 23, 2025

Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages

Alexis-Maurer Fortin

OWASP AppSec Days France Sep 23, 2025

OWASP AppSec Days France 2025

François Proulx

Munich Cyber TTP (MCTTP) Sep 17, 2025

Living Off the Pipeline: From Supply Chain 0-Days to Predicting the next XZ-like attacks

François Proulx

OpenSSF SOSS Community Day NA 2025 Jun 26, 2025

Living Off The Pipeline: From Supply Chain 0-Days to Predicting the Next XZ-Like Attacks

François Proulx

PolySécure May 15, 2025

Teknik - Living Off the Pipeline: From Supply Chain 0-Days to Predicting the next XZ-like attacks

François Proulx

NorthSec 2025 May 15, 2025

Living Off The Pipeline: From Supply Chain 0-Days to Predicting the next XZ-like attacks

François Proulx

The Elephant in AppSec Mar 19, 2025

The Open Source Security Crisis: Is Trust the Weakest Link in Supply Chain?

François Proulx

Open Source Security Podcast Feb 10, 2025

Why do we keep ignoring CI security

François Proulx

DSO Overflow Jan 31, 2025

Securing the Software Supply Chain

François Proulx

### 2024

The Application Security Podcast Oct 22, 2024

Arbitrary Code Execution 0-day in Build Pipelines

François Proulx

SecTOR (Black Hat Summit) Oct 22, 2024

Under The Radar: How we found 0-days in the Build Pipeline of OSS Packages

François Proulx

OWASP Global AppSec 2024 Sep 26, 2024

Under The Radar: How we found 0-days in the Build Pipeline of OSS Packages

François Proulx

FLOSS Weekly May 22, 2024

I'll Buy You A Poutine

François Proulx

PolySécure May 16, 2024

Teknik - Build Pipeline Supply Chain Attack

François Proulx

NorthSec 2024 May 16, 2024

Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages

François Proulx, Benoît Côté-Jodoin

OpenSSF SOSS Community Day NA 2024 Apr 15, 2024

Under the Radar: How We Found 0-Days in the Build Pipeline of OSS Packages

François Proulx, Benoît Côté-Jodoin

### 2023

Cloudanix Oct 13, 2023

Shielding Software Supply Chain: Strengthening Security Measures

François Proulx

The Application Security Podcast Jun 22, 2023

Actionable Software Supply Chain Security

François Proulx

NorthSec 2023 May 18, 2023

Broken Links: Behind the scenes of Supply Chain breaches

François Proulx

BSides NYC Apr 22, 2023

Broken Links: Behind the scenes of Supply Chain breaches

François Proulx

### 2022

BSides Montréal Sep 10, 2022

2021 – The Year Of Supply Chain Breaches

François Proulx, Zaid Al Hamami