The Risks of Relying on Code and Package Maintainers

This week we talk to the open source legend Feross Aboukhadijeh about his journey into open source, the challenges of open source funding, and his new company Socket.Socket is a tool that aims to make OSS security level up by providing a way to audit your dependencies for security vulnerabilities.They are able to detect much more complex vulnerabilities than the current tools on the market by using a combination of static analysis, dynamic analysis, and even some LLMs!Come get scared with us as we delve into the world of open source security.

- https://feross.org/

- https://github.com/feross

- https://twitter.com/feross

- https://twitter.com/SocketSecurity

- https://socket.dev/

Episode sponsored By Raycast (https://www.raycast.com/)
Become a paid subscriber our patreon, spotify, or apple podcasts for the full episode.

- https://www.patreon.com/devtoolsfm

- https://podcasters.spotify.com/pod/show/devtoolsfm/subscribe

- https://podcasts.apple.com/us/podcast/devtools-fm/id1566647758

- https://www.youtube.com/@devtoolsfm/membership