Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in
Back
Security News

DevTools Podcast: Rethinking Open Source Security Beyond Buzzwords

Socket CEO Feross Aboukhadijeh joins the hosts of the DevTools podcast to discuss open source maintainership, sustainability, and the challenge of proactively securing dependencies from emerging threats.

DevTools Podcast: Rethinking Open Source Security Beyond Buzzwords

Sarah Gooding

January 17, 2024

Socket CEO Feross Aboukhadijeh was recently a guest on the DevTools.fm podcast with hosts Andrew Lisowski and Justin Bennett. The show features industry leaders discussing modern development tools. In this episode, they explored the inspirations behind Feross’ journey to becoming an open source developer, where he began investing inordinate amounts of free time fixing bugs, fueled by the initial excitement of having other people use his code.

The Arc of Open Source Maintainership#

The episode explores some of the realities and challenges of maintaining popular open source projects, which are often the utilities that attain near ubiquitous use across the web. Developers have contributed countless unpaid hours to these projects but maintainer burnout is a real issue that impacts the longevity of some of the web's most critical infrastructure.

Sustaining open source software is a problem that the ecosystem is still wrestling with, and Feross shared a few of his experiments in funding this valuable contribution to the development community.

Looking Beyond “Supply Chain” Buzzwords#

Socket was created as a response to the challenge of securing an increasingly complex ecosystem of interconnected dependencies. As the average number of dependencies continues to climb in tandem with rising supply chain attacks, the open source security space has reached a point of reckoning where the obsession with known vulnerabilities is now glaringly inadequate.

The industry is shifting towards a more vigilant scrutiny of the entire software supply chain, including behavior analysis and proactive detection of emerging threats.

Feross dives deeper into how Socket uses LLM’s to detect malicious code at scale, combined with a human review queue to reduce false positives. He envisions a future where developers take a more cautious and conscious approach to open source dependency management while actively improving the quality of the packages they are using.

Check out the episode embedded below or visit the DevTools website for the full transcript.

Subscribe to our newsletter

Get notified when we publish new security blog posts!

Try it now

Ready to block malicious and vulnerable dependencies?

Install GitHub AppBook a Demo

Related posts

Back to all posts
Rspack Introduces Rslint, a TypeScript-First Linter Written in Go

Security News

Rspack Introduces Rslint, a TypeScript-First Linter Written in Go

Rspack launches Rslint, a fast TypeScript-first linter built on typescript-go, joining in on the trend of toolchains creating their own linters.

By Sarah Gooding  -  Aug 20, 2025
Oxlint Introduces Type-Aware Linting Preview

Security News

Oxlint Introduces Type-Aware Linting Preview

Oxlint’s new preview brings type-aware linting powered by typescript-go, combining advanced TypeScript rules with native-speed performance.

By Sarah Gooding  -  Aug 18, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.