Feross Aboukhadijeh

Feross Aboukhadijeh, Founder and CEO of Socket, dives into the transformative role of AI in software engineering. He discusses the concept of 'Vibe Coding' and how it reshapes workflows while highlighting security considerations. Feross emphasizes the importance of vetting code and maintaining a safe supply chain to prevent vulnerabilities, even as AI tools boost productivity. He also explores the balance between human oversight and automated systems in enhancing cybersecurity, reminding developers of the essential practices to ensure safe coding.

Feross Aboukhadijeh, a security engineer and founder of Socket Security, dives into the alarming rise of npm supply chain attacks, detailing how phishing and account takeovers have escalated threats. He explains the innovative techniques behind recent compromises and the unexpected consequences for attackers seeking monetary gain. Feross introduces Socket Firewall, a promising solution to detect and block malware during package installations. Listeners gain practical steps for reducing supply-chain risk and insights into the future of npm security.

Feross Aboukhadijeh, the founder and CEO of Socket, dives into the alarming rise of NPM supply chain attacks targeting the JavaScript community. He discusses how attackers employed phishing tactics to compromise popular packages like Prettier and 'is,' explaining the vulnerabilities that allowed for these breaches. Feross also highlights risky postinstall scripts and provides practical mitigation strategies to protect against future threats, emphasizing the importance of vigilant practices in the ever-evolving landscape of software security.

Feross Aboukhadijeh, the founder and CEO of Socket, dives into the complexities of software supply chain security. He discusses how to measure the reachability of vulnerabilities in applications, emphasizing the importance of knowing whether a CVE actually impacts your project. Feross shares insights on the evolution of Socket from tracking malicious packages to tackling CVEs. He also highlights challenges in navigating legacy applications and the critical need for effective detection of malicious packages, advocating for a nuanced approach to software security.

Feross Aboukhadijeh, a security researcher and founder of Socket, dives into the alarming rise of supply chain attacks in the npm ecosystem. He discusses recent phishing campaigns, account takeovers, and the innovative ways attackers exploit vulnerabilities. The conversation highlights practical defenses for developers, like avoiding pull_request_target and implementing publish delays. Feross also unveils Socket's new GitHub Actions scanning features and emphasizes the ongoing threat of typosquatting, advocating for a balanced approach to open publishing and security.