
The Changelog: Software Development, Open Source
Securing the open source supply chain (Interview)
Mar 1, 2022
Feross Aboukhadijeh, an open-source developer known for projects like WebTorrent, joins to discuss the launch of Socket, a tool designed to secure the open-source supply chain. Feross explains how supply chain attacks have eroded trust in open-source software, and why Socket takes the proactive stance of treating every open-source package as potentially malicious until its behaviour is examined. He also discusses the alarming prevalence of risks such as typo-squatting and compromised packages. The conversation highlights the collective responsibility the tech community shares for improving the security of the software it depends on.
01:28:21