Modern software relies heavily on open source dependencies, often pulling in thousands of packages

maintained by developers all over the world. This accelerates innovation, but also creates serious

supply chain risks as attackers increasingly compromise popular libraries to spread malware at scale.

Farras Abu Khadija is the founder and CEO of Socket,

which is a security platform designed to protect software projects from open source supply chain attacks.

In this episode, he joins Josh Goldberg to talk about his career in open source,

open source supply chain attacks, practical security lessons,

the expanding attack surface in software development, and more.

This episode is hosted by Josh Goldberg, an independent full-time open source developer.

Josh works on projects in the TypeScript ecosystem, most notably TypeScript ESLint, a powerful static analysis tool set

for JavaScript and TypeScript. He is also the author of the O'Reilly Learning TypeScript book,

a Microsoft MVP for developer technologies, and a co-founder of SquiggleConf, a conference for

excellent web developer tooling. Find Josh on

Blue Sky, Fosterdon, and dot com as Joshua K. Goldberg.

Varaa, Suburka, DJ. Welcome to Software Engineering Daily. Thanks, Josh. Rukadija.

Welcome to Software Engineering Daily.

Thanks, Josh.

Glad to be here.

We're excited to have you.

You have been in and around open source and general security practices for crowd a while.

Before we dive into you and socket, can you tell us how did you get into coding?

Yeah, I got into coding when I was in high school.

...