"Securing the open source supply chain"
Episode Synopsis
This week we're joined by the "mad scientist" himself, Feross Aboukhadijeh...and we're talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain.
While working on the front lines of open source, Feross and his team have witnessed firsthand how supply chain attacks have swept across the software community and damaged trust in open source. Socket turns the problem of securing open source software on its head and asks: "What if we assume all open source may be malicious?" So they built a system that proactively detects indicators of compromised open source packages and alerts teams in real time. We cover the whys, the hows, and what's next for this ambitious and very much needed project.