Travis McPeak, CEO and Co-founder of Resourcely, delves into the historical evolution of cybersecurity, emphasizing the shift from minimal measures in the 90s to today’s complexities. Feross Aboukhadijeh, CEO of Socket, shares insights on the XZ Utils cyber attack, revealing its sophisticated, state-sponsored nature. Andrej Safundzic, CEO of Lumos, explores the future of autonomous security systems and their potential to revolutionize startup security. Together, they highlight the urgent need for innovative approaches to combat rising AI-driven threats.

Feross Aboukhadijeh, a software developer known for Socket, Wormhole, and WebTorrent, discusses vital security improvements for npm code installations. He unveils Socket's role in ensuring open-source safety and transparency while introducing AI-driven package summaries. Feross shares insights into the risks of malicious code and the ethical responsibilities for developers. He also explores the innovative functionality of WebTorrent and challenges faced in decentralized file sharing, all while emphasizing the importance of community vigilance in a secure coding environment.

Chris Tarbell, a former FBI agent famed for his role in the Silk Road case, shares dramatic insights into combating cybercrime. He discusses the complexities of Ross Ulbricht’s story and the potential implications of a changing political landscape. Feross Aboukhadijeh, founder of Socket.dev, argues for a centralized tracking system for supply chain attacks, highlighting vulnerabilities in software ecosystems. The conversation delves into Apple’s new security feature limiting law enforcement access and the ongoing evolution of cybersecurity challenges in today’s digital landscape.

Feross Aboukhadijeh from Socket discusses using large language models to secure the software supply chain, overcoming challenges like the recent XZutils attack. They explore how AI tools can help identify risky packages, cut down on noise, and make security problems tractable. The conversation dives into the role of LLMs in scanning open source code, improving security maturity with NIST standards, and the evolving landscape of security against advanced attackers.

Expert Feross Aboukhadijeh discusses the influx of malicious code in repositories. Topics include Azure misconfigurations, Ivanti exploits, Starlink in Ukraine, and Canada's Flipper Zero crackdown. The podcast delves into the challenges in detecting and blocking malicious packages, cybersecurity trends like crypto attacks, and Discord token theft. A mix of security news and insightful discussions.

Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.

Daniel Stenberg is frustrated with AI tooling for finding security bugs, Brian Birtles shares surprising web dev beliefs, Feross Aboukhadijeh talks about npm prank fallout, Rob Pike discusses right and wrong with Go, and Gavin Howard challenges the idea that “all code is tech debt”.

Experienced developer frustrated with AI tooling for finding security bugs, web developer surprised by weird beliefs in engineering, fallout from nasty npm prank, thoughts on what they got right and wrong with Go, and challenging the view that all code is tech debt.

Feross Aboukhadijeh of Socket shares insights on supply chain security, discussing npm package vulnerabilities, the importance of safeguarding open source elements, and tools like soc.dev. The episode also explores internet crime, security podcasts, coffee culture, and using a Burr Coffee Grinder for enhanced flavor.

Feross Aboukhadijeh, an open-source developer known for projects like Socket and WebTorrent, joins to discuss the launch of Socket, a tool designed to secure the open-source supply chain. Feross highlights how supply chain attacks have eroded trust in open-source software. He explains Socket’s proactive approach to treating all open-source code as potentially malicious and discusses the alarming prevalence of risks like typo-squatting and package compromises. The conversation sheds light on the collective responsibility needed to enhance security in the tech community.