
Software Engineering Daily Blocking Software Supply Chain Attacks with Feross Aboukhadijeh
Dec 9, 2025

Feross Aboukhadijeh, the founder and CEO of Socket, brings his expertise in open source and package security to the discussion. He shares insights into the ever-growing risks of software supply chains, emphasizing the importance of securing dependencies. Feross recounts his journey from developing WebTorrent to tackling issues like maintainer burnout. He provides practical tips on maintaining safe code, highlights threats from AI-driven attacks, and stresses the need for robust vetting processes. Plus, he lightens up the conversation with charming tales about his kittens!
AI Snips
YouTube Instant Went Viral Overnight
- Feross built YouTube Instant in a few hours and it went viral overnight, leading to press and a job offer from YouTube.
- The experience taught him to ship quickly and iterate based on real user interest.
Turning A Failed Startup Into WebTorrent
- After an unsuccessful startup and Yahoo acquisition, Feross open-sourced his peer-to-peer CDN ideas as WebTorrent.
- WebTorrent enabled browser-to-browser torrents and later achieved wide protocol support.
Community Eyes Often Come Too Late
- Many supply chain compromises persist because few people actually read dependency source code.
- Community discovery is accidental and can take months, so proactive detection matters.