The Security Gap No One’s Talking About
Feross Aboukhadijeh, founder and CEO of Socket, joins The Tech Trek to pull back the curtain on software supply chain security, why legacy tools are failing, and what it really takes to build trust into modern development. Feross explains how Socket is tackling vulnerabilities most vendors can't even detect and shares why they made a rare early-stage acquisition—and how it’s reshaping their roadmap.
Whether you’re an engineering leader, security pro, or founder eyeing M&A moves, this episode offers sharp insights into product strategy, AI implications, and the real work behind the scenes.
Key Takeaways:
Socket proactively secures the software supply chain by detecting malicious code injections and not just known vulnerabilities
Legacy tools rely on outdated databases and can’t keep up with real-time threats or malicious actors
The explosion of AI-generated code is expanding the attack surface and introducing new vectors like “slop squatting”
Socket’s acquisition of Coana was driven by tight product fit, culture alignment, and shared technical DNA—not just business rationale
Reachability analysis reduced Socket’s security alert noise by 80 percent, boosting signal and developer trust
Timestamped Highlights:
01:00 — What Socket actually does and why open source dependency risk is a blind spot for most companies
06:40 — Why most tools in this space haven’t solved the real security problem—and how Socket is different
11:50 — AI’s unexpected impact on software security and the rise of hallucinated packages
16:30 — Behind Socket’s acquisition of Coana and how academic research drove product synergy
22:58 — How integrating the acquisition is evolving Socket’s roadmap and deepening its technical edge
25:00 — What Feross learned from the legal side of M&A and how his past experience at Yahoo helped shape this one
Quote of the Episode:
“We care way more about first-party code than third-party code, even though it all runs in one app. That has to change.”
Resources Mentioned:
Socket: https://socket.dev
Call to Action:
Enjoyed the episode? Follow The Tech Trek to catch conversations with the builders shaping the future. And if you’re deep in security or scaling a dev team, check out socket.dev or reach out to Feross directly—he’s happy to share lessons learned.