18:30 Ivan Pashchenko: Say No to the Dependency Hell: Proper Management of Software Dependencies
We are sure that you are very busy developing your own project, but you probably also know that the code you wrote for it is just the tip of the iceberg. A huge part of the code is hidden within the dependencies, and it also needs to be considered when we talk about bugs and security vulnerabilities.
During the talk, Ivan Pashchenko will discuss how to automatically manage software dependencies, so that you do not receive the unpleasant gift of a vulnerable dependency. First, he will give an overview of the existing options, such as GitHub's software dependency initiative. Then he will build on this approach and present the methodology for managing vulnerable dependencies that he developed in the Security Research Lab of the University of Trento (Italy) in collaboration with SAP Security Research (France).
Note: the talk will be an extended version of the presentation given by Ivan Pashchenko at ESEM-2018 (a top-level scientific conference). It has benefited greatly from the practical insights and recommendations of skilled industrial specialists (from more than 15 companies and 10 countries), which he received during the validation of the developed methodology for automatic dependency management.
19:00 Open discussion