Preventing Software Supply Chain Attacks with Feross Aboukhadijeh - Software Engineering Daily


Modern software extensively utilizes open source dependencies, incorporating thousands of packages maintained by developers globally. This fosters innovation but introduces significant supply chain risks as attackers increasingly target popular libraries to distribute malware widely.

Feross Aboukhadijeh is the founder and CEO of Socket, a security platform aimed at safeguarding software projects from open source supply chain attacks. In this episode, he joins Josh Goldberg to discuss his journey in open source, open source supply chain attacks, practical security insights, the growing attack surface in software development, and more.

Josh Goldberg is an independent full-time open source developer in the TypeScript ecosystem. He works on projects that help developers write better TypeScript more easily, most notably on typescript-eslint: the tooling that enables ESLint and Prettier to operate on TypeScript code. Josh actively contributes to open source initiatives like ESLint and TypeScript. He is a Microsoft MVP for developer technologies and the author of the well-regarded Learning TypeScript (O’Reilly), a valuable resource for developers wanting to learn TypeScript from scratch. Josh frequently gives talks and conducts workshops at bootcamps, conferences, and meetups, sharing insights on TypeScript, static analysis, open source, and general frontend and web development.

