We started Socket with a simple but audacious goal: to safeguard the open source ecosystem for everyone. Today, that dream is a bit brighter—literally! Our logo is lighting up Times Square! Every great company is a conspiracy to change the world. Thank you to our many co-conspirators — our early customers, founding employees, investors, mentors, and the open source and security communities — we wouldn't be here without your support. We're just getting started.
Socket
Computer and Network Security
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.
About us
Socket is a cybersecurity platform that protects companies from software supply chain attacks. Companies use Socket to protect their software applications and critical services from malware and security threats originating in open source code.
- Website
- https://socket.dev
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- San Francisco
- Type
- Privately held
- Founded
- 2020
- Specialties
- Software, Security, Software supply chain, Open source software, Application Security, Cybersecurity, and Software Composition Analysis (SCA)
Locations
- Primary: US, San Francisco
Updates
-
New Threat Research: 3 malicious #npm packages are typosquatting popular cryptographic libraries, targeting #crypto asset developers with keylogging and wallet theft. These packages are still live on npm with more than 1,000 downloads. https://lnkd.in/e3fNCcxm #NodeJS #javascript #cybersecurity
-
Weekly download counts are now displayed for each npm package when searching on Socket! This gives you a quick popularity gauge, so you can easily identify widely-used packages in search results. Many thanks to Wes Bos for the feature suggestion on the Syntax podcast! https://lnkd.in/eukuthHu
Weekly Downloads Now Available in npm Package Search Results...
socket.dev
-
A Stanford study reveals 9.5% of software engineers do virtually no meaningful work, costing tech $90B+ annually, with remote work fueling the rise of "ghost engineers." https://lnkd.in/e9_ZRbEa
Tech's $90B Ghost Engineer Problem: Stanford Study Finds 9.5...
socket.dev
-
Socket reposted this
You can check open source software for 70 indicators of compromise. Feross Aboukhadijeh explains how Socket helps developers evaluate open source risks via web browser extensions that caution and warn in very early evaluation stages. An ounce of prevention is worth a pound of cure. Feross is an entrepreneur with a successful exit on his resume. Feross is also a graduate of Stanford, an active venture capital investor, and a talented open source developer who has built WebTorrent, assisted Brave Software, and uplifted JavaScript projects. The full episode with host Scott Brammer from The Cyber Security Council is available here: https://lnkd.in/g3wnMzYH Special guest: Feross Aboukhadijeh, CEO and Co-Founder at Socket
Inspecting Open Source Packages for Malicious Indicators
https://www.youtube.com/
-
Socket’s threat research team has detected six malicious #npm packages typosquatting popular libraries to insert SSH backdoors. These packages are still live on npm. https://lnkd.in/g9rCAQ9Q #JavaScript #cybersecurity
Malicious npm Packages Inject SSH Backdoors via Typosquatted...
socket.dev
-
MITRE published its 2024 CWE Top 25 Most Dangerous Software Weaknesses list. There are some familiar faces at the top of the rankings: XSS, SQL Injection, and CSRF are all still pervasive issues. https://lnkd.in/ekPHRrxu #CyberSecurity
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE T...
socket.dev
-
On this episode of the Risky Business podcast, Feross shared some of the malware we’ve seen in open source package registries recently, including author typosquatting and malware leveraging Ethereum smart contracts to evade detection. Check out the full episode: https://lnkd.in/eMkR4tfr
-
We replicate OSS registry feeds in real time, often catching threats within seconds of the package being published. Users are protected while we work with the registries to get malicious packages removed. And all the package info is available for free on our website. Check out Feross’s interview w/ Patrick Gray: https://lnkd.in/eMkR4tfr
-
Socket founder and CEO Feross Aboukhadijeh joined Patrick Gray on the Risky Business podcast where they discussed some of the challenges of tracking open source malware in the absence of a standardized repository for cataloging malicious packages. Check out the full episode: https://lnkd.in/eMkR4tfr