devtools.fm: Developer Tools, Open Source, Software Development

Feross Aboukhadijeh - Socket

Jan 16, 2024
Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.
01:08:11

Podcast summary created with Snipd AI

Quick takeaways

  • Open source vulnerabilities and attacks pose serious risks, even from trusted sources.
  • WebTorrent enables decentralized file sharing and cooperation without a centralized authority.

Deep dives

Open source vulnerabilities and attacks

The podcast episode discusses the dangers of open source vulnerabilities and attacks. It highlights real-life examples, such as the event-stream package compromise in 2017, where a malicious actor targeted a crypto wallet by injecting code into a widely used package. The episode emphasizes the potential risks and the need for developers to be aware of the code they rely on, even from trusted sources. It also explores the challenges in open source funding and the difficulties in maintaining packages at scale.
