Techstrong TV — Thu, Jul 9
The Cool-Down Period for Open Source
Alan Shimel with Zaid Al Hamami
Log4j and SolarWinds didn't just wake up the industry — they redefined the attack surface. Zaid Al Hamami, Founder and CEO of BoostSecurity, joins Alan Shimel on TechStrong TV to walk through the wave of software supply chain attacks landing on Microsoft, GitHub, Red Hat, and Cisco, and what defenders are missing. Zaid traces his path from Canonical to Immunio (acquired by Trend Micro) to founding BoostSecurity in 2020, and how a company that started with a DevSecOps mission pivoted its R&D to become one of the first teams to publish open-source attack models for SCM systems and CI/CD pipelines. Alan and Zaid lay out a three-step framework every engineering org needs today: get real visibility into extensions, packages, and pet projects; enforce a "cool-down period" that blocks five-minute-old open-source packages; and treat a supply chain breach as inevitable with real tabletop exercises. They close on how AI accelerates every attacker and what defenders should expect next.