
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk

Blog post from Socket

Post Details
Company:
Date Published:
Author: Sarah Gooding
Word Count: 10,160
Language: English
Hacker News Points: -
Summary

Feross Aboukhadijeh, founder and CEO of Socket, talks with Josh Goldberg on Software Engineering Daily about open-source supply chain attacks and how Socket aims to mitigate them. Feross draws on his experience building and maintaining popular open-source projects, and argues that open-source dependencies should be treated as part of one's own codebase rather than as trusted black boxes. He stresses practical security habits, such as using lock files and vetting every new dependency before adoption, to keep malicious code from entering a project. The conversation also covers an emerging AI-driven risk: attackers registering packages under names that language models hallucinate, so that code generated from those suggestions pulls in attacker-controlled dependencies. Feross underscores the need for vigilance and proactive tooling, such as that offered by Socket, against this evolving landscape, and reflects on his own experiences with open source, including the burnout that comes with maintaining widely used projects.