In this episode we speak to Feross Aboukhadijeh, CEO of Socket.dev), a software supply chain security company. We discuss the risks of using third party dependencies, how JS and NPM could improve their approach to security, whether trust in open source is eroding, and how to improve the overall security posture of your application.
About Feross Aboukhadijeh
Feross is the founder and CEO of Socket), where he's working on a new approach to open source supply chain security. Feross is the author and maintainer of WebTorrent, StandardJS, and 100s of other open source projects which are downloaded 500+ million times per month. Feross is a lecturer at Stanford University where he teaches CS 253 Web Security. Socket, the company Feross started, is auditing every package on npm to detect suspicious changes and block software supply chain attacks). Hundreds of companies use Socket to protect their software applications and critical services from malware and security threats originating in open source code.
Other things mentioned:
Let us know what you think on Twitter:
https://twitter.com/consoledotdev)
https://twitter.com/davidmytton)
Or by email: [email protected]
About Console
Console is the place developers go to find the best tools. Our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don’t have to.
Sign up for free at: https://console.dev)Recorded: 2022-04-06.