Socket CEO Feross Aboukhadijeh was recently a guest on the DevTools.fm podcast with hosts Andrew Lisowski and Justin Bennett. The show features industry leaders discussing modern development tools. In this episode, they explored the inspirations behind Feross’ journey to becoming an open source developer, where he began investing inordinate amounts of free time fixing bugs, fueled by the initial excitement of having other people use his code.
The episode explores some of the realities and challenges of maintaining popular open source projects, which are often the utilities that attain near ubiquitous use across the web. Developers have contributed countless unpaid hours to these projects but maintainer burnout is a real issue that impacts the longevity of some of the web's most critical infrastructure.
Sustaining open source software is a problem that the ecosystem is still wrestling with, and Feross shared a few of his experiments in funding this valuable contribution to the development community.
Socket was created as a response to the challenge of securing an increasingly complex ecosystem of interconnected dependencies. As the average number of dependencies continues to climb in tandem with rising supply chain attacks, the open source security space has reached a point of reckoning where the obsession with known vulnerabilities is now glaringly inadequate.
The industry is shifting towards a more vigilant scrutiny of the entire software supply chain, including behavior analysis and proactive detection of emerging threats.
Feross dives deeper into how Socket uses LLM’s to detect malicious code at scale, combined with a human review queue to reduce false positives. He envisions a future where developers take a more cautious and conscious approach to open source dependency management while actively improving the quality of the packages they are using.
Check out the episode embedded below or visit the DevTools website for the full transcript.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
