The Changelog: Software Development, Open Source cover image

The Changelog: Software Development, Open Source

Securing the open source supply chain (Interview)

Mar 1, 2022
Feross Aboukhadijeh, an open-source developer known for projects like Socket and WebTorrent, joins to discuss the launch of Socket, a tool designed to secure the open-source supply chain. Feross highlights how supply chain attacks have eroded trust in open-source software. He explains Socket’s proactive approach to treating all open-source code as potentially malicious and discusses the alarming prevalence of risks like typo-squatting and package compromises. The conversation sheds light on the collective responsibility needed to enhance security in the tech community.
01:28:21

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode