The Changelog: Software Development, Open Source

Securing the open source supply chain (Interview)

Mar 1, 2022

01:28:21

Creator website

Highlights

AI Chapters

Episode notes

Isn't a Typo Squatting Typeo?

02:41

Is There a Way to Improve a Package?

02:42

Is It a Good Idea to Bet on a Package?

02:58

Introduction

3min

Change Log Two Two Seven, a Long Time Ago?

2min

Wormhole: A Project to Help You Send Files Securely

3min

Using Dependencies in a DevOps Environment

4min

Ua Parser J S, and the Colors.

3min

Java Script Programming

2min

Is There a Way to Improve a Package?

3min

What's a Common Vulnerabilities and Exposures?

4min

Gitabap for Socket

3min

10.

Is There a Security Holding Package in Your Application?

4min

11.

Square at Partner - How to Make a Difference in the Market Place

3min

12.

Type of Squatting Detection Algorithms

2min

13.

Isn't a Typo Squatting Typeo?

3min

14.

Github Ap - Is There a New Maintainer?

3min

15.

Jquery Packages

3min

16.

Do You Know How to Run Analysis Tasks?

5min

17.

The Problem of Supply Chan Tax Is Not JavaScript Specific.

2min

18.

Is There Anything Better Than That?

5min

19.

What's the Adoption Story?

3min

20.

Build Your Own Productivity Platform - Retoll Dot Com.

3min

21.

Open Source Sockets - What's the Story?

2min

22.

The Mp M Downl Number, S It Is

5min

23.

Is It a Good Idea to Bet on a Package?

3min

24.

Do You Allow Packages to Do Telematry?

2min

25.

Open Sor Sot

2min

26.

Ajax Wrapper

2min

27.

Socket Isn't Preventing, It's Awareness

2min

28.

Is There a Future With Socket in It?

5min

29.

Socket for Open Source - The Future of Open Source Software

3min

This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.

While working on the frontlines of open source, Feross and team have witnessed firsthand how supply chain attacks have swept across the software community and have damaged the trust in open source. Socket turns the problem of securing open source software on its head, and asks…“What if we assume all open source may be malicious?” So, they built a system that proactively detects indicators of compromised open source packages and brings awareness to teams in real-time. We cover the whys, the hows, and what’s next for this ambitious and very much needed project.

Join the discussion

Changelog++ members get a bonus 10 minutes at the end of this episode and zero ads. Join today!

Sponsors:

Sentry – Working code means happy customers. That’s exactly why teams choose Sentry. From error tracking to performance monitoring, Sentry helps teams see what actually matters, resolve problems quicker, and learn continuously about their applications - from the frontend to the backend. Use the code CHANGELOG and get the team plan free for three months.
Square – Develop on the platform that sellers trust. There is a massive opportunity for developers to support Square sellers by building apps for today’s business needs. Learn more at developer.squareup.com to dive into the docs, APIs, SDKs and to create your Square Developer account — tell them Changelog sent you.
Retool – Retool is a low-code platform built specifically for developers that makes it fast and easy to build internal tools. Instead of building internal tools from scratch, the world’s best teams, from startups to Fortune 500s, are using Retool to power their internal apps. Learn more and try it for free at retool.com/changelog
WorkOS – A platform that gives developers a set of building blocks for quickly adding enterprise-ready features to their application. Add Single Sign-On (Okta, Azure, Google, Microsoft OAuth), sync users from any SCIM directory, HRIS integration, audit trails (SIEM), free magic link sign-in. WorkOS is designed for developers and offers a single, elegant interface that abstracts dozens of enterprise integrations. Learn more and get started at WorkOS.com