Risky Business #736 -- Azure misconfigurations are 2024's looming threat
Risky Business
Detecting and Blocking Malicious Packages in Public Registries
Exploration of challenges in detecting and blocking malicious packages in JavaScript, Python, and Go ecosystems, including typo squatting and dependency confusion attacks. Discussion on the impact of GitHub's lack of malware takedown information in their advisories database and the benefits of tools that track takedowns for identifying risks in dependencies. Insights on the risks posed by legacy security tools in supply chain attacks, emphasizing the need for a proactive security strategy like Socket for real-time package analysis.
00:00
Transcript
Play full episode
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
