Online / 6 & 7 February 2021

Dependency Management devroom

Read the Call for Papers at https://www.fasten-project.eu/view/Events/FOSDEM21_Devroom_Call_For_Presentations.

As demonstrated by much-discussed events such as the LeftPad incident, which caused hundreds of thousands of websites to stop working, and the Equifax data breach, which leaked hundreds of thousands of credit card numbers, dependencies on networks of external libraries can introduce significant operational and compliance risks and make security implications hard to assess. Most development teams still fail to adequately inventory their software dependencies. Even as more code is produced, indirect dependencies continue to undermine security and account for the majority of vulnerabilities.

What recent progress in dependency management has been made available to developers? What are the remaining key challenges? What future improvements can we expect from industry or from research?

This Devroom aims to establish the state of the art in dependency management. It builds upon the success of last year's Devroom, to which it will constitute a welcome update.

Event | Speakers | Start | End

Sunday

Software Ecosystems as Networks: Advances on the FASTEN project | Paolo Boldi | 10:00 | 10:45
DepClean: Automatically revealing bloated software dependencies in Maven projects | César Soto Valero | 10:45 | 11:30
Lost in Zero Space: Can we trust depending on packages with major version zero? | Tom Mens | 11:30 | 12:15
Early warning signs for open source breakages: Using crowd feedback from dependency automation as an early warning indicator | Rhys Arkins | 12:15 | 12:45
As Strong as the Weakest Link: Securing the Software Supply Chain | Brendan O'Leary | 12:45 | 13:25
Reusing dependencies across ecosystems: what stands in the way? | Todd Gamblin | 13:25 | 14:15