Dependency Management devroom
Room: D.dependency
Read the Call for Papers at https://www.fasten-project.eu/view/Events/FOSDEM21_Devroom_Call_For_Presentations.
As demonstrated by much-discussed events such as the LeftPad incident, which caused hundreds of thousands of websites to stop working, and the Equifax data breach, which led to a leak of hundreds of thousands of credit card numbers, dependencies on networks of external libraries can introduce significant operational and compliance risks and make security implications difficult to assess. Most development teams still fail to adequately inventory their software dependencies. Even as more code is produced, indirect dependencies continue to undermine security and account for the majority of vulnerabilities.
What recent progress in dependency management has been made available to developers? What are the remaining key challenges? What future improvements can we expect from industry or from research?
This Devroom aims to establish the state of the art in dependency management. It builds upon the success of last year’s Devroom, to which it will constitute a welcome update.