Feross Aboukhadijeh
December 5, 2022
Socket helps developers ship faster and spend less time on security busywork by helping them safely find, audit, and manage Open Source Software at scale. The Socket platform enables security and developer teams to work together to securely use and maintain OSS within the organization.
Open source has won. But security has often been an afterthought. That’s why we are thrilled to share that Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization bringing together the most important open source security initiatives and the individuals and companies that support them.
As maintainers of open source packages which are installed over 1 billion times per month, the Socket team is intimately familiar with the massive growth in open source dependency usage. Modern applications use thousands of dependencies written by hundreds of maintainers, and installing even one package leads to dozens of transitive dependencies coming along for the ride.
Unfortunately, it is far too easy for a bad actor to infiltrate the software supply chain and wreak havoc. That’s why Socket is proud to join OpenSSF and do our part to make open source safe for everyone with our industry-leading approach to software composition analysis which is already used by thousands of companies to detect and prevent supply chain attacks.
The Socket team is excited to work with other OpenSSF member companies to safeguard the open source ecosystem for everyone.
“A growing community of organizations, developers, researchers, and security professionals are investing the time and resources needed to strengthen open source security,” said Jamie Thomas, OpenSSF Board Chair and IBM Enterprise Security Executive. “New members of OpenSSF are joining at a time when cross-industry collaboration and innovation are needed more than ever to proactively respond to pervasive cybersecurity threats.”
This is just the start of our work to secure the open source supply chain for everyone. We are excited to collaborate with all OpenSSF members to make software supply chains more secure for everyone.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
Company News
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
