Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Sarah Gooding
January 17, 2024
Socket CEO Feross Aboukhadijeh was recently a guest on the DevTools.fm podcast with hosts Andrew Lisowski and Justin Bennett. The show features industry leaders discussing modern development tools. In this episode, they explored the inspirations behind Feross’ journey to becoming an open source developer, where he began investing inordinate amounts of free time fixing bugs, fueled by the initial excitement of having other people use his code.
The episode explores some of the realities and challenges of maintaining popular open source projects, which are often the utilities that attain near-ubiquitous use across the web. Developers have contributed countless unpaid hours to these projects, but maintainer burnout is a real issue that impacts the longevity of some of the web's most critical infrastructure.
Sustaining open source software is a problem that the ecosystem is still wrestling with, and Feross shared a few of his experiments in funding this valuable contribution to the development community.
Socket was created as a response to the challenge of securing an increasingly complex ecosystem of interconnected dependencies. As the average number of dependencies continues to climb in tandem with rising supply chain attacks, the open source security space has reached a point of reckoning where the obsession with known vulnerabilities is now glaringly inadequate.
The industry is shifting towards a more vigilant scrutiny of the entire software supply chain, including behavior analysis and proactive detection of emerging threats.
Feross dives deeper into how Socket uses LLMs to detect malicious code at scale, combined with a human review queue to reduce false positives. He envisions a future where developers take a more cautious and conscious approach to open source dependency management while actively improving the quality of the packages they are using.
Check out the episode embedded below or visit the DevTools website for the full transcript.