[Pycon] [new paper] "Ivan Pashchenko" - Say No to the Dependency Hell: Proper Management of Software Dependencies

info at pycon.it
Sun 6 Jan 2019 15:47:14 CET


Title: Say No to the Dependency Hell: Proper Management of Software Dependencies
Duration: 60 minutes (includes Q&A)
Q&A Session: 15 minutes
Language: en
Type: Talk

Abstract: Have you ever specified any third-party libraries in the _requirements_ file of your project (or even locked them with _pipenv_)? Then this talk is for you.

I am sure that you are very busy with the development of your own project, but you probably also know that the code you wrote yourself is just the tip of the iceberg. A huge part of the code is hidden within the dependencies, and it also needs to be considered when we are talking about bugs and security vulnerabilities.

After attending this talk you will learn how to manage software dependencies in Python to make your projects free from vulnerable dependencies. First, I am going to introduce you to the dependency management process in Python and describe why proper dependency management is important. Then we will have an overview of the existing solutions, such as the Python _Safety_ library and GitHub's software dependency initiative. Finally, I will build on these approaches and present the methodology for managing vulnerable dependencies that we have developed in the Security Research Lab of the University of Trento (Italy) in collaboration with SAP Security Research (France).
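As an added illustration of the kind of check that tools like _Safety_ perform over a pinned requirements file, here is example code written for this page. It is not code from the talk, from the Trento/SAP methodology, or from the Safety project. The requirements lines, advisory identifiers (EXAMPLE-000x) and affected version ranges are constructed placeholders and do not describe real vulnerabilities; the version comparison handles plain dotted release numbers only, which is enough for pins written by `pip freeze` or a lock file.

```python
"""Safety-style check of pinned requirements against an advisory list.

Added example; not code from the talk, the Trento/SAP methodology, or the
Safety project.  All package data below is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed requirements file content (the kind a project pins or pipenv locks).
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project
requests==2.19.1
Django==2.0.5
flask==1.0.2   # comment after spec
urllib3>=1.21   # not pinned: installed version unknown until locked
"""

# Constructed advisory database: normalized name -> [(advisory id, affected range)].
# Identifiers and ranges are hypothetical placeholders, not real advisories.
SAMPLE_ADVISORIES = {
    "requests": [("EXAMPLE-0001", "<2.20.0")],
    "django": [("EXAMPLE-0002", ">=2.0,<2.0.8"), ("EXAMPLE-0003", ">=1.11,<1.11.15")],
    "flask": [("EXAMPLE-0004", "<0.12.3")],
}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    advisory: str
    affected: str


_OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}


def parse_version(text: str) -> tuple:
    """Turn a dotted release like '2.0.5' into comparable ints padded to 4 places.
    Pre-releases and local labels are not supported; a full PEP 440 comparison
    would use the third-party 'packaging' library instead."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def matches_specifier(version: str, specifier: str) -> bool:
    """True if version satisfies every comma-separated clause of the specifier."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = re.match(r"(==|!=|<=|>=|<|>)\s*([0-9.]+)$", clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def parse_requirements(text: str) -> dict:
    """Return {'pinned': {normalized name: version}, 'unpinned': [raw lines]}.
    Only '==' pins can be checked; anything else has no known version."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9_.-]+)\s*==\s*([0-9.]+)$", line)
        if m:
            pinned[m.group(1).lower().replace("_", "-")] = m.group(2)
        else:
            unpinned.append(line)
    return {"pinned": pinned, "unpinned": unpinned}


def check_requirements(text: str, advisories: dict) -> list:
    """Flag every pinned package whose version falls in an advisory's affected range."""
    findings = []
    for name, version in parse_requirements(text)["pinned"].items():
        for advisory_id, affected in advisories.get(name, []):
            if matches_specifier(version, affected):
                findings.append(Finding(name, version, advisory_id, affected))
    return findings


if __name__ == "__main__":
    for f in check_requirements(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        print(f"VULNERABLE {f.package}=={f.version}: {f.advisory} affects {f.affected}")
    for line in parse_requirements(SAMPLE_REQUIREMENTS)["unpinned"]:
        print(f"UNCHECKED  {line}: not pinned, so the installed version is unknown")
```

The unpinned `urllib3>=1.21` line is reported separately rather than silently skipped: a range specifier says nothing about which version actually gets installed, which is why locking (pipenv, pip-compile) matters before any advisory check can be trusted.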

_Note: the talk will be an extended version of the presentation given at ESEM 2018 (a top-level scientific conference), greatly improved according to the practical insights and recommendations of skilled industrial specialists (from more than 10 companies and 5 countries) that we received during the validation of the developed methodology for automatic dependency management._

Tags: dependency-management, #security, OpenSource
