Feross Aboukhadijeh
Feross is founder and CEO at Socket (https://socket.dev), a developer-first security platform. Feross has worked in open source software for 10+ years writing some of the most-downloaded JavaScript packages. Feross is a lecturer at Stanford where he teaches CS 253 Web Security. Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain. Thousands of organizations in every industry use Socket to safely discover, audit, and manage OSS at scale.
The State of JavaScript Security in 2024
React Summit US 2024
Recording pending
As React continues to dominate the web development landscape, securing the vast ecosystem of open source dependencies has never been more critical. In 2024, the challenges around React and JavaScript security have evolved, and the risks associated with software supply chain attacks are more pronounced than ever.
In this talk, we’ll explore the current state of JavaScript security, highlighting recent high-profile supply chain attacks and their impact on the development community. We’ll discuss the latest trends, tools, and best practices for managing and securing your JavaScript dependencies.
Key topics will include:
• An overview of recent supply chain attacks and lessons learned
• Effective strategies for mitigating risks from malicious dependencies
• How modern tools and standards are improving the security landscape
• The role of developers and organizations in fostering a secure open source ecosystem
Join Feross Aboukhadijeh, a seasoned open source maintainer and security expert, as he shares insights and practical advice on navigating the complex world of JavaScript security in 2024. This session is essential for developers, security professionals, and anyone invested in maintaining a secure and resilient software supply chain.
The Dark Side of Open Source
Node Congress 2024
37 min
Join Feross, CEO of Socket, on a thrilling journey into the dark side of open source software. Come along for the ride as we explore the unseen risks lurking within everyday software dependencies. See firsthand how AI-driven solutions, specifically large language models, are helping us battle against malicious dependencies within the npm ecosystem. Arm yourself with the knowledge and tools to protect your codebase in this ever-evolving battle.
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
DevOps.js Conf 2022
32 min
Do you know what’s really going on in your node_modules folder? Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022 and beyond. We’ll dive into examples of recent supply chain attacks and what concrete steps you can take to protect your team from this emerging threat.
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
Node Congress 2022
26 min
Do you know what’s really going on in your node_modules folder? Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022 and beyond. We’ll dive into examples of recent supply chain attacks and what concrete steps you can take to protect your team from this emerging threat.
You can check the slides for Feross' talk here.