![Oracle Drags Its Feet in the JavaScript Trademark Dispute](https://cdn.sanity.io/images/cgdhsj6q/production/919c3b22c24f93884c548d60cbb338e819ff2435-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
Application Security
Sarah Gooding
February 6, 2024
Socket CEO Feross Aboukhadijeh was recently a guest on the CyberBytes podcast with host Steffan Foley where they discussed open source software and common mistakes companies make when it comes to supply chain security.
Feross highlighted the pressure developers face to ship features rapidly, often without full awareness of the open source code they are utilizing. Security teams don’t want to impede developers moving fast but at the same time are struggling with the challenge of securing massive dependency trees, which are frequently comprised of thousands and thousands of dependencies — source code that almost nobody reads.
The inspiration for Socket came from Feross’ experience creating the Wormhole app with more than 1,000 dependencies. He interviewed more than 40 CISO’s about how they vet their open source dependencies for supply chain attacks and found that most were still tethered to traditional SCA tools that only catch known vulnerabilities. It’s for this reason Socket was designed to drill down into the code of each dependency and analyze it for malicious behavior.
This podcast episode explores the hacker mindset and the complex problem of protecting against threat actors who are naturally inclined to poke at systems. Open source security is currently experiencing a major platform shift towards a more proactive approach, as companies can no longer afford to be obsessed with vulnerabilities to the exclusion of supply chain attacks.
Check out the episode on Spotify or watch the video on YouTube.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.