Modern software relies heavily on open source dependencies, often pulling in thousands of packages maintained by developers around the world. This accelerates innovation but also introduces significant supply chain risk, as attackers increasingly target popular libraries to distribute malware at scale.
Feross Aboukhadijeh is the founder and CEO of Socket, a security platform that safeguards software projects from open source supply chain attacks. In this episode, he joins Josh Goldberg to discuss his open source career, open source supply chain attacks, practical security lessons, the growing attack surface in software development, and more.
Josh Goldberg is an independent, full-time open source developer within the TypeScript ecosystem. He works on projects that assist developers in writing better TypeScript, most notably on typescript-eslint: the tools that allow ESLint and Prettier to operate on TypeScript code. Josh consistently contributes to open source projects like ESLint and TypeScript. He is a Microsoft MVP for developer technologies and the author of the acclaimed “Learning TypeScript” (O’Reilly), a valued resource for developers learning TypeScript without prior experience beyond JavaScript. Josh frequently delivers talks and workshops at bootcamps, conferences, and meetups to share knowledge on TypeScript, static analysis, open source, as well as general frontend and web development.
Sponsors:
Is your AI model taking weeks to train? Or is it too slow for real-time inference? Fixstars AI Booster is the acceleration platform that resolves both. AI Booster automatically analyzes and optimizes your entire AI pipeline, resulting in dramatically faster training—up to 5x faster, and compute costs reduced by up to 80%. Trusted by major companies including Sony Honda Mobility. Stop waiting on your hardware. Visit fixstars.com to learn how.
