Feross Aboukhadijeh
Feross is the author and maintainer of WebTorrent, StandardJS, and 100s of other open source projects. His software is downloaded 500+ million times per month. He was a lecturer at Stanford where he created the course CS 253 Web Security. More recently, Feross is the founder and CEO of Socket, where he's working on a new approach to supply chain security by auditing every package on npm to detect suspicious changes and block supply chain attacks without slowing the development process.
Sessions
Open source code makes up 90% of most codebases. How do you know if you can trust your open source dependencies? Do you know what’s really going on in your node_modules folder? It is critical to manage your dependencies effectively to reduce risk but most teams have an ad-hoc process where any developer can introduce dependencies. Software supply chain attacks have exploded over the past 12 months and they’re only accelerating in 2022. We’ll dive into examples of recent supply chain attacks targeting the JavaScript, Node.js, and npm ecosystems, as well as concrete steps you can take to protect your apps, projects, and teams from this emerging threat.