Adam Stacoviak
Appearances
The Changelog: Software Development, Open Source
#define: piggyback (Friends)
That was really good. That was very good. Thank you very much. Now, Matt, now that Oasis is getting back together, are you going to join them?
I was going to say, we always know which one wins in the end. That's a British thing.
I totally agree that current security tools are super broken. There's really two ways that they're broken. The first, they send too many alerts. The second, they send not enough alerts. What I mean by that is they send too many alerts. They send false positives. They inflate the severity. They say that it's a critical security issue when it's actually a low security issue.
They tell you about vulnerabilities and developer dependencies that are never going to run in production. There's all these reasons why they're just wasting your time with this noise. And on the other hand, they're not alerting you about things that actually matter.
So if you look at like the news and you look at kind of the attacks that are affecting companies and that are affecting developers today, there are things like malicious dependencies, typosquat attacks, hijacked dependencies, risky dependencies that have like hidden behavior in them that will open up popups to random sites or steal certain data from your system.
Things that you do see in the news quite frequently, right? And we see them literally, we see a hundred attacks per week at Socket that we're detecting right now. They're in the NPM, PyPI, Maven, and Go ecosystems, which are the four we support today.
The current tools, they send you too many alerts, all this low importance stuff, but then they don't even alert you about all the attacks that actually matter. And so that's what we're doing at Socket. We're sending you the right alerts, the alerts that actually matter, so that when you are alerted, you actually believe it and you take it seriously because it's real, you know?
That's what we're trying to do. And that's what I think we're doing really well. That's why we have over 6,000 organizations that have added Socket into their GitHub. It's a two-click installation. It's literally super easy. You go to the GitHub marketplace, you search Socket, you click install, and you click all repos. Boom, your entire company is protected. And it doesn't block developers.
It doesn't prevent you from shipping code. Initially, it's all just kind of in a warn mode. So it's really easy to get started. No source code access. We don't read your source. We just need a list of dependencies that you're using. So it's a really light and easy installation. Very, very developer-friendly tool.
Hey guys, you got any babies? To be clear, they're not real babies.
Not real babies. Let's not keep acting like they are. Most of us already knew that, Jared.
This guy's ripped. Quick, let's get it.