rss-bridge 2025-12-09T10:00:57+00:00

Blocking Software Supply Chain Attacks with Feross Aboukhadijeh

The post Blocking Software Supply Chain Attacks with Feross Aboukhadijeh appeared first on Software Engineering Daily.



By SEDaily

Podcast
Tuesday, December 9 2025


Modern software relies heavily on open source dependencies, often pulling in thousands of packages maintained by developers all over the world. This accelerates innovation but also creates serious supply chain risks as attackers increasingly compromise popular libraries to spread malware at scale.

Feross Aboukhadijeh is the founder and CEO of Socket, a security platform designed to protect software projects from open source supply chain attacks. In this episode, he joins Josh Goldberg to talk about his career in open source, open source supply chain attacks, practical security lessons, the expanding attack surface in software development, and more.

Josh Goldberg is an independent full-time open source developer in the TypeScript ecosystem. He works on projects that help developers write better TypeScript more easily, most notably on typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. Josh regularly contributes to open source projects in the ecosystem such as ESLint and TypeScript. Josh is a Microsoft MVP for developer technologies and the author of the acclaimed Learning TypeScript (O’Reilly), a cherished resource for any developer seeking to learn TypeScript without any prior experience outside of JavaScript. Josh regularly presents talks and workshops at bootcamps, conferences, and meetups to share knowledge on TypeScript, static analysis, open source, and general frontend and web development.
