Feross Aboukhadijeh

Creator and maintainer of hundreds of open source projects, including StandardJS, BitMidi, and WebTorrent. Known for work in WebRTC and peer-to-peer technologies.

Top 10 podcasts with Feross Aboukhadijeh

Ranked by the Snipd community
8 snips
Jun 26, 2024 • 44min

Cybersecurity's Past, Present, and AI-Driven Future

Travis McPeak, CEO and Co-founder of Resourcely, delves into the historical evolution of cybersecurity, emphasizing the shift from minimal measures in the 90s to today’s complexities. Feross Aboukhadijeh, CEO of Socket, shares insights on the XZ Utils cyber attack, revealing its sophisticated, state-sponsored nature. Andrej Safundzic, CEO of Lumos, explores the future of autonomous security systems and their potential to revolutionize startup security. Together, they highlight the urgent need for innovative approaches to combat rising AI-driven threats.
8 snips
Dec 15, 2023 • 1h 7min

705: Is Running Random Code From npm Safe? With Feross Aboukhadijeh

Feross Aboukhadijeh, a software developer known for Socket, Wormhole, and WebTorrent, discusses vital security improvements for npm code installations. He unveils Socket's role in ensuring open-source safety and transparency while introducing AI-driven package summaries. Feross shares insights into the risks of malicious code and the ethical responsibilities for developers. He also explores the innovative functionality of WebTorrent and challenges faced in decentralized file sharing, all while emphasizing the importance of community vigilance in a secure coding environment.
5 snips
Nov 13, 2024 • 1h 3min

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Chris Tarbell, a former FBI agent famed for his role in the Silk Road case, shares dramatic insights into combating cybercrime. He discusses the complexities of Ross Ulbricht’s story and the potential implications of a changing political landscape. Feross Aboukhadijeh, founder of Socket.dev, argues for a centralized tracking system for supply chain attacks, highlighting vulnerabilities in software ecosystems. The conversation delves into Apple’s new security feature limiting law enforcement access and the ongoing evolution of cybersecurity challenges in today’s digital landscape.
May 3, 2024 • 39min

Securing the Software Supply Chain with LLMs

Feross Aboukhadijeh from Socket discusses using large language models to secure the software supply chain, overcoming challenges like the recent XZ Utils attack. The episode explores how AI tools can help identify risky packages, cut down on noise, and make security problems tractable. The conversation dives into the role of LLMs in scanning open source code, improving security maturity with NIST standards, and the evolving landscape of security against advanced attackers.
Feb 13, 2024 • 53min

Risky Business #736 -- Azure misconfigurations are 2024's looming threat

Expert Feross Aboukhadijeh discusses the influx of malicious code in repositories. Topics include Azure misconfigurations, Ivanti exploits, Starlink in Ukraine, and Canada's Flipper Zero crackdown. The podcast delves into the challenges in detecting and blocking malicious packages, cybersecurity trends like crypto attacks, and Discord token theft. A mix of security news and insightful discussions.
Jan 16, 2024 • 1h 8min

Feross Aboukhadijeh - Socket

Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.
Jan 8, 2024 • 8min

The I in LLM stands for intelligence (Changelog News #76)

Daniel Stenberg is frustrated with AI tooling for finding security bugs, Brian Birtles shares surprising web dev beliefs, Feross Aboukhadijeh talks about npm prank fallout, Rob Pike discusses right and wrong with Go, and Gavin Howard challenges the idea that “all code is tech debt”.
Jan 8, 2024 • 8min

The I in LLM stands for intelligence

Experienced developer frustrated with AI tooling for finding security bugs, web developer surprised by weird beliefs in engineering, fallout from nasty npm prank, thoughts on what they got right and wrong with Go, and challenging the view that all code is tech debt.
May 19, 2022 • 34min

Ep. #101, Supply Chain Security with Feross Aboukhadijeh of Socket

Feross Aboukhadijeh of Socket shares insights on supply chain security, discussing npm package vulnerabilities, the importance of safeguarding open source elements, and tools like soc.dev. The episode also explores internet crime, security podcasts, coffee culture, and using a Burr Coffee Grinder for enhanced flavor.
Mar 1, 2022 • 1h 28min

Securing the open source supply chain (Interview)

Feross Aboukhadijeh, an open-source developer known for projects like Socket and WebTorrent, joins to discuss the launch of Socket, a tool designed to secure the open-source supply chain. Feross highlights how supply chain attacks have eroded trust in open-source software. He explains Socket’s proactive approach to treating all open-source code as potentially malicious and discusses the alarming prevalence of risks like typo-squatting and package compromises. The conversation sheds light on the collective responsibility needed to enhance security in the tech community.