DevTools Podcast: Rethinking Open Source Security Beyond Buzzwords

Socket CEO Feross Aboukhadijeh joins the hosts of the DevTools podcast to discuss open source maintainership, sustainability, and the challenge of proactively securing dependencies from emerging threats.

Sarah Gooding

January 17, 2024


Socket CEO Feross Aboukhadijeh was recently a guest on the DevTools.fm podcast with hosts Andrew Lisowski and Justin Bennett. The show features industry leaders discussing modern development tools. In this episode, they explored the inspirations behind Feross' journey to becoming an open source developer, where he began investing inordinate amounts of free time fixing bugs, fueled by the initial excitement of having other people use his code.

The Arc of Open Source Maintainership

The episode explores some of the realities and challenges of maintaining popular open source projects, which are often the utilities that attain near-ubiquitous use across the web. Developers have contributed countless unpaid hours to these projects, but maintainer burnout is a real issue that impacts the longevity of some of the web's most critical infrastructure.

Sustaining open source software is a problem that the ecosystem is still wrestling with, and Feross shared a few of his experiments in funding this valuable contribution to the development community.

Looking Beyond "Supply Chain" Buzzwords

Socket was created as a response to the challenge of securing an increasingly complex ecosystem of interconnected dependencies. As the average number of dependencies continues to climb in tandem with rising supply chain attacks, the open source security space has reached a point of reckoning where the obsession with known vulnerabilities is now glaringly inadequate.

The industry is shifting towards a more vigilant scrutiny of the entire software supply chain, including behavior analysis and proactive detection of emerging threats.

Feross dives deeper into how Socket uses LLMs to detect malicious code at scale, combined with a human review queue to reduce false positives. He envisions a future where developers take a more cautious and conscious approach to open source dependency management while actively improving the quality of the packages they are using.

Check out the episode embedded below or visit the DevTools website for the full transcript.
