Feross Aboukhadijeh

Security engineer and founder of Socket Security, focused on detecting and preventing supply-chain attacks in npm and other package ecosystems; guest expert on recent npm compromises and mitigations.

Top 5 podcasts with Feross Aboukhadijeh

Ranked by the Snipd community
89 snips
Jul 25, 2025 • 27min

How to Vibe Code Securely

Feross Aboukhadijeh, Founder and CEO of Socket, dives into the transformative role of AI in software engineering. He discusses the concept of 'Vibe Coding' and how it reshapes workflows while highlighting security considerations. Feross emphasizes the importance of vetting code and maintaining a safe supply chain to prevent vulnerabilities, even as AI tools boost productivity. He also explores the balance between human oversight and automated systems in enhancing cybersecurity, reminding developers of the essential practices to ensure safe coding.
33 snips
Oct 3, 2025 • 1h 35min

npm under siege (what to do about it) (Friends)

Feross Aboukhadijeh, a security engineer and founder of Socket Security, dives into the alarming rise of npm supply chain attacks, detailing how phishing and account takeovers have escalated threats. He explains the innovative techniques behind recent compromises and the unexpected consequences for attackers seeking monetary gain. Feross introduces Socket Firewall, a promising solution to detect and block malware during package installations. Listeners gain practical steps for reducing supply-chain risk and insights into the future of npm security.
14 snips
Sep 23, 2025 • 40min

Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

Feross Aboukhadijeh, the founder and CEO of Socket, dives into the alarming rise of NPM supply chain attacks targeting the JavaScript community. He discusses how attackers employed phishing tactics to compromise popular packages like Prettier and 'is', explaining the vulnerabilities that allowed for these breaches. Feross also highlights risky postinstall scripts and provides practical mitigation strategies to protect against future threats, emphasizing the importance of vigilant practices in the ever-evolving landscape of software security.
7 snips
Aug 14, 2025 • 36min

Risky Biz Soap Box: How to measure vulnerability reachability

Feross Aboukhadijeh, the founder and CEO of Socket, dives into the complexities of software supply chain security. He discusses how to measure the reachability of vulnerabilities in applications, emphasizing the importance of knowing whether a CVE actually impacts your project. Feross shares insights on the evolution of Socket from tracking malicious packages to tackling CVEs. He also highlights challenges in navigating legacy applications and the critical need for effective detection of malicious packages, advocating for a nuanced approach to software security.
Oct 3, 2025 • 1h 35min

npm under siege (what to do about it) (Changelog & Friends #111)

Feross Aboukhadijeh, a security researcher and founder of Socket, dives into the alarming rise of supply chain attacks in the npm ecosystem. He discusses recent phishing campaigns, account takeovers, and the innovative ways attackers exploit vulnerabilities. The conversation highlights practical defenses for developers, like avoiding pull_request_target and implementing publish delays. Feross also unveils Socket's new GitHub Actions scanning features and emphasizes the ongoing threat of typosquatting, advocating for a balanced approach to open publishing and security.