Securing the open source supply chain (Changelog Interviews #482)

This week we're joined by the "mad scientist" himself, Feross Aboukhadijeh...and we're talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain. While working on the frontlines of open source, Feross and team have witnessed firsthand how supply chain attacks have swept across the software community and have damaged the trust in open source. Socket turns the problem of securing open source software on its head, and asks..."What if we assume all open source may be malicious?" So, they built a system that proactively detects indicators of compromised open source packages and brings awareness to teams in real-time. We cover the whys, the hows, and what's next for this ambitious and very much needed project.

Om Podcasten

Your one-stop shop for all Changelog podcasts. Weekly shows about software development, developer culture, open source, building startups, artificial intelligence, shipping code to production, and the people involved. Yes, we focus on the people. Everything else is an implementation detail.