Feross Aboukhadijeh, founder and CEO of Socket, joins The Tech Trek to pull back the curtain on software supply chain security, why legacy tools are failing, and what it really takes to build trust into modern development. Feross explains how Socket is tackling vulnerabilities most vendors can't even detect and shares why they made a rare early-stage acquisition—and how it’s reshaping their roadmap.
Whether you’re an engineering leader, security pro, or founder eyeing M&A moves, this episode offers sharp insights into product strategy, AI implications, and the real work behind the scenes.
Key Takeaways:
Socket proactively secures the software supply chain by detecting malicious code injections and not just known vulnerabilities
Legacy tools rely on outdated databases and can’t keep up with real-time threats or malicious actors
The explosion of AI-generated code is expanding the attack surface and introducing new vectors like “slop squatting”
Socket’s acquisition of Coana was driven by tight product fit, culture alignment, and shared technical DNA—not just business rationale
Reachability analysis reduced Socket’s security alert noise by 80 percent, boosting signal and developer trust
Timestamped Highlights:
01:00 — What Socket actually does and why open source dependency risk is a blind spot for most companies
06:40 — Why most tools in this space haven’t solved the real security problem—and how Socket is different
11:50 — AI’s unexpected impact on software security and the rise of hallucinated packages
16:30 — Behind Socket’s acquisition of Coana and how academic research drove product synergy
22:58 — How integrating the acquisition is evolving Socket’s roadmap and deepening its technical edge
25:00 — What Feross learned from the legal side of M&A and how his past experience at Yahoo helped shape this one
Quote of the Episode:
“We care way more about first-party code than third-party code, even though it all runs in one app. That has to change.”
Resources Mentioned:
Socket: https://socket.dev
Call to Action:
Enjoyed the episode? Follow The Tech Trek to catch conversations with the builders shaping the future. And if you’re deep in security or scaling a dev team, check out socket.dev or reach out to Feross directly—he’s happy to share lessons learned.