Modern software depends heavily on open source components, often pulling in hundreds of packages maintained by developers around the world. While this fosters rapid innovation, it also creates significant supply chain risk, as attackers increasingly target popular libraries to distribute malware to a broad set of downstream users.
Feross Aboukhadijeh, the founder and CEO of Socket, a security platform engineered to safeguard software projects from open source supply chain attacks, joins Josh Goldberg in this episode. They discuss Feross’ journey in open source, the nuances of open source supply chain threats, security best practices, the growing attack surface in software development, and more.
Josh Goldberg, an independent full-time open source developer, is active in the TypeScript ecosystem. He focuses on projects that simplify writing TypeScript, including typescript-eslint, which allows ESLint and Prettier to function with TypeScript. Josh contributes to projects like ESLint and TypeScript and has been recognized as a Microsoft MVP for developer technologies. He authored “Learning TypeScript” (O’Reilly), a vital resource for those new to TypeScript from JavaScript backgrounds. Josh frequently shares his knowledge through talks and workshops at various events, covering topics like TypeScript, static analysis, open source, and front-end and web development.
Sponsors
If your AI model is slow in training or inference, Fixstars AI Booster is the solution. It accelerates your AI pipeline, with up to 5x faster training and up to 80% reduced compute costs. Trusted by major firms including Sony Honda Mobility, it prevents hardware delays. Visit fixstars.com for more information.
