The Cool-Down Period for Open Source
Techstrong TV Interviews
•
19m
Log4j and SolarWinds didn't just wake up the industry — they redefined the attack surface. Zaid Al Hamami, Founder and CEO of BoostSecurity, joins Alan Shimel on TechStrong TV to walk through the wave of software supply chain attacks landing on Microsoft, GitHub, Red Hat, and Cisco, and what defenders are missing. Zaid traces his path from Canonical to Immunio (acquired by Trend Micro) to founding BoostSecurity in 2020, and how a company that started with a DevSecOps mission pivoted its R&D to become one of the first teams to publish open-source attack models for SCM systems and CI/CD pipelines. Alan and Zaid lay out a three-step framework every engineering org needs today: get real visibility into extensions, packages, and pet projects; enforce a "cool-down period" that blocks five-minute-old open-source packages; and treat a supply chain breach as inevitable with real tabletop exercises. They close on how AI accelerates every attacker and what defenders should expect next.
Up Next in Techstrong TV Interviews
-
The End of the Print Driver
The printer is the most overlooked endpoint in the enterprise — sitting on the network with system-level privileges, untouched architecturally for 20 years, and quietly perfect for spoofing, DDoS staging, and zombie-printer pivots. Kevin Pickhardt, Executive Chairman of Pharos and a Xerox PARC al...
-
Bespoke Kill Chains and the End of Si...
Attackers are no longer sending mass phishing runs — they are using AI to build one-off, bespoke kill chains that are architecturally designed to slip past every gateway you own. Alan LeFort, CEO and Co-Founder of StrongestLayer, joins Alan Shimel on TechStrong TV to unpack what his team found wh...
-
TuxCare Warns AI Will Weaponize Vulne...
Mike Vizard talks with Igor Seletskiy, CEO and Founder of TuxCare, about why AI-driven vulnerability discovery and weaponization could reshape enterprise security. Seletskiy explains that even low-severity flaws can become dangerous when attackers use AI models to chain exploits, reverse engineer...