

Feross Aboukhadijeh
Founder and CEO of Socket, a security platform that protects software projects from open source supply chain attacks; long-time open source maintainer known for projects like WebTorrent and expertise in JavaScript and package security.
Top 10 podcasts with Feross Aboukhadijeh
Ranked by the Snipd community

154 snips
Apr 8, 2026 • 2h 19min
Meta Drops New Model, Mythos, RoboLamp | Luther Lowe, Dan Primack, Lior Susan, Feross Aboukhadijeh, Qasim Mithani, Jaleh Rezaei, Jeremy Philip Galen
Luther Lowe, YC policy lead, takes on Apple and Google’s app store grip. Dan Primack, Axios finance reporter, digs into prediction markets and the legal fight around Kalshi. Lior Susan, Eclipse Ventures investor, talks chips, robotics, and industrial tech. Feross Aboukhadijeh, Socket security founder, breaks down a poisoned npm package, while Jaleh Rezaei and Jeremy Philip Galen explore AI sales agents and AI-powered scam defense.

40 snips
Dec 9, 2025 • 48min
Blocking Software Supply Chain Attacks with Feross Aboukhadijeh
Feross Aboukhadijeh, the founder and CEO of Socket, brings his expertise in open source and package security to the discussion. He shares insights into the ever-growing risks of software supply chains, emphasizing the importance of securing dependencies. Feross recounts his journey from developing WebTorrent to tackling issues like maintainer burnout. He provides practical tips on maintaining safe code, highlights threats from AI-driven attacks, and stresses the need for robust vetting processes. Plus, he lightens up the conversation with charming tales about his kittens!

18 snips
Jun 26, 2024 • 44min
Cybersecurity's Past, Present, and AI-Driven Future
Travis McPeak, CEO and Co-founder of Resourcely, delves into the historical evolution of cybersecurity, emphasizing the shift from minimal measures in the 90s to today’s complexities. Feross Aboukhadijeh, CEO of Socket, shares insights on the XZ Utils cyber attack, revealing its sophisticated, state-sponsored nature. Andrej Safundzic, CEO of Lumos, explores the future of autonomous security systems and their potential to revolutionize startup security. Together, they highlight the urgent need for innovative approaches to combat rising AI-driven threats.

8 snips
Dec 15, 2023 • 1h 7min
705: Is Running Random Code From npm Safe? With Feross Aboukhadijeh
Feross Aboukhadijeh, a software developer known for Socket, Wormhole, and WebTorrent, discusses vital security improvements for npm code installations. He unveils Socket's role in ensuring open-source safety and transparency while introducing AI-driven package summaries. Feross shares insights into the risks of malicious code and the ethical responsibilities for developers. He also explores the innovative functionality of WebTorrent and challenges faced in decentralized file sharing, all while emphasizing the importance of community vigilance in a secure coding environment.

5 snips
Nov 13, 2024 • 1h 3min
Risky Business #770 -- A Russian IR guy discovers extremely cool spookware
Chris Tarbell, a former FBI agent famed for his role in the Silk Road case, shares dramatic insights into combating cybercrime. He discusses the complexities of Ross Ulbricht’s story and the potential implications of a changing political landscape. Feross Aboukhadijeh, founder of Socket.dev, argues for a centralized tracking system for supply chain attacks, highlighting vulnerabilities in software ecosystems. The conversation delves into Apple’s new security feature limiting law enforcement access and the ongoing evolution of cybersecurity challenges in today’s digital landscape.

Jan 16, 2024 • 1h 8min
Feross Aboukhadijeh - Socket
Open source legend Feross Aboukhadijeh discusses his journey into open source, challenges of open source funding, and his company Socket. Socket aims to level up OSS security and can detect complex vulnerabilities using static and dynamic analysis. They delve into the world of open source security, including device identifiers, managing open source packages, controversial funding experiments, the risks of relying on code maintainers, and the importance of considering the software supply chain.

Feb 22, 2026 • 25min
Sponsored: The smouldering trashfire of AI and open source
Feross Aboukhadijeh, open-source developer and security expert behind WebTorrent, explains how AI is reshaping open source and swelling dependency webs. He recounts real supply-chain compromises and emergent worm attacks. He also introduces Socket Firewall and a behavior-focused approach to blocking malicious packages at install time.

May 3, 2024 • 39min
Securing the Software Supply Chain with LLMs
Feross Aboukhadijeh from Socket discusses using large language models to secure the software supply chain, overcoming challenges like the recent XZ Utils attack. They explore how AI tools can help identify risky packages, cut down on noise, and make security problems tractable. The conversation dives into the role of LLMs in scanning open source code, improving security maturity with NIST standards, and the evolving landscape of security against advanced attackers.

Jan 8, 2024 • 8min
The I in LLM stands for intelligence
Experienced developer frustrated with AI tooling for finding security bugs, web developer surprised by weird beliefs in engineering, fallout from nasty npm prank, thoughts on what they got right and wrong with Go, and challenging the view that all code is tech debt.

Jan 8, 2024 • 8min
The I in LLM stands for intelligence (Changelog News #76)
Daniel Stenberg is frustrated with AI tooling for finding security bugs, Brian Birtles shares surprising web dev beliefs, Feross Aboukhadijeh talks about npm prank fallout, Rob Pike discusses right and wrong with Go, and Gavin Howard challenges the idea that “all code is tech debt”.


