Modern software relies heavily on open source dependencies, often pulling in thousands of packages maintained by developers all over the world. This accelerates innovation but also creates serious supply chain risks as attackers increasingly compromise popular libraries to spread malware at scale.
Feross Aboukhadijeh is the founder and CEO of Socket which is a security platform designed to protect software projects from open source supply chain attacks. In this episode he joins Josh Goldberg to talk about his career in open source, open source supply chain attacks, practical security lessons, the expanding attack surface in software development, and more.
Josh Goldberg is an independent full time open source developer in the TypeScript ecosystem. He works on projects that help developers write better TypeScript more easily, most notably on typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. Josh regularly contributes to open source projects in the ecosystem such as ESLint and TypeScript. Josh is a Microsoft MVP for developer technologies and the author of the acclaimed Learning TypeScript (O’Reilly), a cherished resource for any developer seeking to learn TypeScript without any prior experience outside of JavaScript. Josh regularly presents talks and workshops at bootcamps, conferences, and meetups to share knowledge on TypeScript, static analysis, open source, and general frontend and web development.
The post Blocking Software Supply Chain Attacks with Feross Aboukhadijeh appeared first on Software Engineering Daily.
