
Feross Aboukhadijeh

Founder of Socket.dev, a software supply chain security firm. Advocates for a CVE-like system for tracking malicious software packages.

Top 10 podcasts with Feross Aboukhadijeh

Ranked by the Snipd community
8 snips
Jun 26, 2024 • 44min

Cybersecurity's Past, Present, and AI-Driven Future

Top security experts discuss the evolution of cybersecurity, AI-driven threats, and sophisticated attacks like the XZ Utils incident. They emphasize the need for autonomous security systems and the challenges faced by startups in creating secure platforms. The rise of deepfake videos and the impact on business and society are also explored, along with the transition of software tools towards autonomy driven by AI.
8 snips
Dec 15, 2023 • 1h 7min

705: Is Running Random Code From npm Safe? With Feross Aboukhadijeh

Feross Aboukhadijeh, developer of Socket, Wormhole, and WebTorrent, joins Wes and Scott to discuss the safety of running random code from npm. They explore Socket's focus on visibility and security, npm spam attacks, managing dependencies with shrinkwrap or lock files, implementing WebTorrent in JavaScript, exploring browser APIs, and the risks of running random code from npm.
5 snips
Nov 13, 2024 • 1h 3min

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Chris Tarbell, a former FBI agent famed for his role in the Silk Road case, shares dramatic insights into combating cybercrime. He discusses the complexities of Ross Ulbricht’s story and the potential implications of a changing political landscape. Feross Aboukhadijeh, founder of Socket.dev, argues for a centralized tracking system for supply chain attacks, highlighting vulnerabilities in software ecosystems. The conversation delves into Apple’s new security feature limiting law enforcement access and the ongoing evolution of cybersecurity challenges in today’s digital landscape.
Jan 8, 2024 • 8min

The I in LLM stands for intelligence (News)

Daniel Stenberg is frustrated with AI tooling for finding security bugs, Brian Birtles debunks web dev myths, Feross Aboukhadijeh shares npm prank fallout, Rob Pike discusses Go's successes and failures, and Gavin Howard challenges the idea that all code is tech debt.
May 3, 2024 • 39min

Securing the Software Supply Chain with LLMs

Feross Aboukhadijeh from Socket discusses using large language models to secure the software supply chain, overcoming challenges like the recent XZ Utils attack. They explore how AI tools can help identify risky packages, cut down on noise, and make security problems tractable. The conversation dives into the role of LLMs in scanning open source code, improving security maturity with NIST standards, and the evolving landscape of security against advanced attackers.
Feb 13, 2024 • 53min

Risky Business #736 -- Azure misconfigurations are 2024's looming threat

Expert Feross Aboukhadijeh discusses the influx of malicious code in repositories. Topics include Azure misconfigurations, Ivanti exploits, Starlink in Ukraine, and Canada's Flipper Zero crackdown. The podcast delves into the challenges in detecting and blocking malicious packages, cybersecurity trends like crypto attacks, and Discord token theft. A mix of security news and insightful discussions.
Jan 16, 2024 • 1h 8min

Feross Aboukhadijeh - Socket

Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.
Jan 8, 2024 • 8min

The I in LLM stands for intelligence (Changelog News #76)

Daniel Stenberg is frustrated with AI tooling for finding security bugs, Brian Birtles shares surprising web dev beliefs, Feross Aboukhadijeh talks about npm prank fallout, Rob Pike discusses right and wrong with Go, and Gavin Howard challenges the idea that “all code is tech debt”.
Jan 8, 2024 • 8min

The I in LLM stands for intelligence

Experienced developer frustrated with AI tooling for finding security bugs, web developer surprised by weird beliefs in engineering, fallout from nasty npm prank, thoughts on what they got right and wrong with Go, and challenging the view that all code is tech debt.
May 19, 2022 • 34min

Ep. #101, Supply Chain Security with Feross Aboukhadijeh of Socket

Feross Aboukhadijeh of Socket shares insights on supply chain security, discussing npm package vulnerabilities, the importance of safeguarding open source components, and tools like socket.dev. The episode also explores internet crime, security podcasts, coffee culture, and using a burr coffee grinder for better flavor.