Dependency management: the cause of - and solution to - all supply chain problems
Eve Martin-Jones, Josie Anugerah
Software Engineers, Google
Learn more at deps.dev

Google Open Source Security Team (GOSST)
● deps.dev
● securityscorecards.dev
● slsa.dev
● osv.dev
● …and more

deps.dev
● BigQuery dataset
● API
● Website

Open source software continues to grow
Source: Sonatype.

Supply chain attacks are increasing
Source: Sonatype.

Our remediation strategies aren’t keeping up
Source: Sonatype.

Remediation timeline: log4shell
[Timeline chart, axis NOV 21 to DEC 22, starting at "log4shell discovered"]
● 13% of packages affected by log4shell fixed after 1 week
● 25% of packages affected by log4shell fixed after 10 days
● ~40% of packages affected by log4shell fixed after a few months
● ~70% of packages affected by log4shell fixed by end of year

Remediation timeline: colors
[Timeline chart on the same axis, starting at "Malicious colors versions published"]
● 100% of packages affected by colors fixed after 3 days

Dependency management!!

Agenda
1. What is dependency resolution?
2. What does a typical dependency graph look like?
3. Dependency graphs change over time
4. How dependency management affects vulnerability remediation
5. Solutions for managing your dependencies at scale

1. What is dependency resolution?

Each dependency is actually a set of constraints/requirements
[Diagram: A requires B >= 1.5]

The dependency resolution algorithm decides which versions are included
[Diagram: A requires B >= 1.5; available versions are B 1.0.0 and B 1.5.1]

Each ecosystem has its own dependency resolution tools
● go mod
● cargo install
● nuget add
● pip install
● ....

Dependencies have dependencies (which have dependencies....)
[Diagram: A requires B >= 1.5; B 1.5.1 requires C >= 2; C 2.0.0]

Dependency resolution is constraint satisfaction
[Diagram sequence: A requires B >= 1.5 and X >= 1; B 1.5.1 requires C >= 2. Each candidate version of X carries its own requirement on C:]
● X 1.0.0 requires C >= 2, resolved with C 2.0.0
● X 1.1.0 requires C >= 2.1, resolved with C 2.1.0

The diamond dependency problem
[Diagram sequence: X 1.2.0 requires C = 1.0.1 while B 1.5.1 requires C >= 2 ☹; the final slide leaves the versions of B and X as "?"]

Dependency resolution is NP-complete

Sudoku solver
[Figure: a partially filled 9x9 sudoku grid, one cell being filled in with 5, and the completed grid]

2x2 sudoku solver
[Diagram sequence: a 2x2 grid with cells A, B, C, D, filled in step by step to
0 1
1 0
alongside the equivalent dependency graph:]
● Project requires A=0
● A 0.0.0 requires B!=0 and C!=0, which rules out B 0.0.0 and C 0.0.0 and selects B 1.0.0 and C 1.0.0
● B 1.0.0 and C 1.0.0 each require D!=1, which rules out D 1.0.0 and selects D 0.0.0

Sudoku solver
[Diagram sequence: a 9x9 grid with rows and columns labelled A to I; cell AA is highlighted together with its row, column and square]
Package AA Version 1
Constraints:
● BA!=1, CA!=1, DA!=1, EA!=1, FA!=1, GA!=1, HA!=1, IA!=1 (row)
● AB!=1, AC!=1, AD!=1, AE!=1, AF!=1, AG!=1, AH!=1, AI!=1 (column)
● AB!=1, AC!=1, BA!=1, BB!=1, BC!=1, CA!=1, CB!=1, CC!=1 (square)
And likewise for package AA version 2, 3, etc.
And likewise for package AB, AC…!!

Vulnerability remediation requires you to reverse engineer your resolution graph
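
The constraint-satisfaction view above, as an added example that is not part of the original slides: a small backtracking resolver run on the deck's A/B/X/C graph and on its 2x2 sudoku encoding. The registry layout, the function names and the newest-first/oldest-first switch are assumptions made for illustration; real resolvers each use their own algorithm.

```python
import operator

OPS = {">=": operator.ge, "=": operator.eq, "!=": operator.ne}

def v(text):
    """Parse '1.5' or '1.5.1' into a zero-padded tuple such as (1, 5, 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def resolve(registry, root_reqs, newest_first=True):
    """Backtracking search. Returns {package: version}, or None if unsatisfiable.

    registry:  {package: {version: [(dependency, op, bound), ...]}}
    root_reqs: the root's requirements, in the same (dependency, op, bound) form
    """
    def solve(chosen, reqs):
        # Every requirement on an already-chosen package must hold.
        for name, op, bound in reqs:
            if name in chosen and not OPS[op](v(chosen[name]), v(bound)):
                return None
        pending = [name for name, _, _ in reqs if name not in chosen]
        if not pending:
            return chosen
        name = pending[0]
        versions = registry.get(name, {})
        for candidate in sorted(versions, key=v, reverse=newest_first):
            # Choosing a version pulls in that version's own requirements.
            found = solve({**chosen, name: candidate}, reqs + versions[candidate])
            if found is not None:
                return found
        return None  # no candidate works here, so the caller backtracks

    return solve({}, list(root_reqs))

# The deck's example graph: A requires B >= 1.5 and X >= 1.
A_REQUIRES = [("B", ">=", "1.5"), ("X", ">=", "1")]
DECK_REGISTRY = {
    "B": {"1.0.0": [], "1.5.1": [("C", ">=", "2")]},
    "X": {"1.0.0": [("C", ">=", "2")],
          "1.1.0": [("C", ">=", "2.1")],
          "1.2.0": [("C", "=", "1.0.1")]},   # the diamond conflict with B's C >= 2
    "C": {"1.0.1": [], "2.0.0": [], "2.1.0": []},
}

def sudoku_2x2_registry():
    """Cells A B / C D as packages; value n is version n.0.0.

    Generalises the deck's encoding: every cell version n forbids n in both of
    its neighbours (the slides draw only the edges needed for their walk-through).
    """
    neighbours = {"A": "BC", "B": "AD", "C": "AD", "D": "BC"}
    return {cell: {f"{n}.0.0": [(other, "!=", str(n)) for other in neighbours[cell]]
                   for n in (0, 1)}
            for cell in neighbours}

if __name__ == "__main__":
    print(resolve(DECK_REGISTRY, A_REQUIRES))                      # newest first
    print(resolve(DECK_REGISTRY, A_REQUIRES, newest_first=False))  # oldest first
    print(resolve(sudoku_2x2_registry(), [("A", "=", "0")]))       # Project requires A=0
```

With newest-first selection the resolver tries X 1.2.0, hits the conflict on C, and backtracks to X 1.1.0, which is the step that has to be reverse engineered when asking why a particular version ended up in a graph.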

2. What is a "typical" dependency graph?

A simple dependency graph
[Diagram: nodes A, B, C and X]

6: average number of direct dependencies for an npm package
110: average number of indirect dependencies for an npm package
Computed by deps.dev.

Average number of dependencies
[Chart] Computed by deps.dev.

A not-so-simple dependency graph
[Figure: a dependency graph for the npm package express@4.18.2]

:O
[Figure: a dependency graph for the Go module k8s.io/kubernetes@1.29.3]

Large dependency graphs can make it hard to identify and remediate vulnerabilities

3. Dependency graphs change over time

Open vs pinned requirements
● Open
○ NPM: ^1.0.0 (>=1,<2)
○ Maven: [1.0,)
○ NuGet: [1.0.0,]
○ Cargo: >= 1.0.0
○ PyPI: >=1.0.0
● Pinned
○ NPM: =1.0.0
○ Maven: 1.0.0
○ NuGet: [1.0.0]
○ Cargo: =1.0.0
○ PyPI: ==1.0.0

Oldest or newest?
[Diagram: A requires B >= 1.5.0; available versions are B 1.0.0, B 1.5.0 and B 1.6.0]
● B 1.0.0: doesn't match constraint
● B 1.5.0, oldest? Only get new features, fixes, bugs when you choose to update requirement (Go/NuGet)
● B 1.6.0, newest? freshest features/bug fixes! :) freshest new bugs? :( (npm, Cargo, pip)

Dependency graphs change as new versions are published
[Diagram sequence (npm): A requires B ^1.0.0. At Time = 0 the available versions are B 1.0.0 and B 1.0.1. At Time = 1, B 1.0.2 is published and a new node C appears in the graph.]

Daily proportion of versions with graph changes (Oct 2024)
[Chart with series PYPI and npm] Computed by deps.dev.

40,000 of the ~22 million npm package versions see a change in their licence set or vulnerability set every day
Computed by deps.dev.

The dependency graph you’re managing constantly changes.

4. What does this mean for vulnerability remediation?

98% of the time a package is affected by a vulnerability, it’s affected indirectly.
Computed by deps.dev: From all published libraries across npm, Go, Maven, PyPI, and Cargo

Dependency requirements in Maven are often pinned
1. A version number: 1.0
“1.0 or a later version, if 1.0 is not available.”
2. Ends in a closed range, [1.0.0,2.0.3] or [1.0.0,2.0.3)
1.0.0 <= x <= 2.0.3 or 1.0.0 <= x < 2.0.3
3. Ends in an open range, [1.0,)
1.0 <= x
[Chart values as extracted: 99%, <1%, <1%]
Computed by deps.dev.

Remediating vulnerabilities in a dependency graph
[Diagram sequence; "!" marks a vulnerability]
● Direct: Project requires A=1.0.0; A 1.0.1 is published and the requirement becomes A=1.0.1
● One level down: Project requires A =1.0.0 and A 1.0.0 requires B=1.0.0; B 1.0.1 is published, then A 1.0.1 requiring B=1.0.1, then the project's requirement becomes A=1.0.1
● Four levels down: Project requires A=1.0.0, with B=1.0.0, C=1.0.0 and D=1.0.0 pinned along the chain; the final slide shows new versions D 1.0.1, C 1.0.1, B 1.0.1 and A 1.0.1 with requirements D=1.0.1, C=1.0.1, B=1.0.1 and A=1.0.1

Case study: Log4Shell

How was log4j introduced?
[Diagram: a Maven package reaching log4j at Depth 1 (20%) or at Depth 2 to Depth 5 (80%)]
Computed by deps.dev.

Remediation timeline: log4shell
● 13% of packages affected by log4shell fixed after 1 week
● 25% of packages affected by log4shell fixed after 10 days
● ~40% of packages affected by log4shell fixed after a few months
● ~70% of packages affected by log4shell fixed by end of year

Issues in your dependency graph can be hard to fix.

Go: Specifying from the root
[Diagram (Go): Project requires D = 1.0.1 directly, selecting D 1.0.1 over D 1.0.0; A 1.0.0, B 1.0.0 and C 1.0.0 are unchanged]

Dependency requirements in npm are often open
1. Allow new patches (~)
2. Allow compatible versions (patch or minor, ^)
3. Use neither
[Chart values as extracted: 71%, 3%, 26%]

Open requirements in indirect vulnerability remediation
[Diagram (npm): Project, A 1.0.0, B 1.0.0 and C 1.0.0 in a chain; the requirement D ^1.0.0 moves from D 1.0.0 to D 1.0.1]

Version selection in log4npm?
[Diagram labelled npm]

Case study: colors
[Chart sequence: axes "Resolution Time" and "Dependent packages"; series "Unaffected earlier releases", "1.4.x (unaffected)", "1.4.1 (affected)" and "1.4.2 (affected)"]

Remediation timeline: colors
● 100% of packages affected by colors fixed after 3 days

Should all projects use open requirements and all resolvers choose latest versions?

Case study: event-stream
Source: blog.npmjs.org.
“hey mate I can maintain event-stream for you if u want????”
“o sweet! thx! Here u go”
[Diagram: A requires event-stream ^3.0.0; versions ..., event-stream 3.3.4 and event-stream 3.3.5 exist, then event-stream 3.3.6 is published, marked "!"]
[Screenshot] Source: snyk.io.

Pinned vs open requirements
● Pinned: More control over your dependencies
● Open: Automatic updates

Effective dependency management requires tradeoffs.
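
The pinned-versus-open and oldest-versus-newest trade-offs from sections 3 and 4, replayed over the deck's own version timelines (event-stream 3.3.4 to 3.3.6, and the D 1.0.0 to D 1.0.1 fix), as an added example that is not part of the original slides. The day numbers, function names and the `flagged` marker are assumptions for illustration; only the npm caret, `>=` and `=` requirement forms are handled.

```python
def parse(version):
    return tuple(int(p) for p in version.split("."))

def caret_upper(low):
    """Exclusive upper bound of ^low: bump the leftmost non-zero component."""
    for i, part in enumerate(low):
        if part != 0:
            return low[:i] + (part + 1,) + (0,) * (len(low) - i - 1)
    return low[:-1] + (low[-1] + 1,)  # ^0.0.0 allows only 0.0.0

def matches(req, version):
    """req is '^3.0.0' (open, npm caret), '>=1.0.0' (open) or '=3.3.5' (pinned)."""
    ver = parse(version)
    if req.startswith("^"):
        low = parse(req[1:])
        return low <= ver < caret_upper(low)
    if req.startswith(">="):
        return ver >= parse(req[2:])
    if req.startswith("="):
        return ver == parse(req[1:])
    raise ValueError(f"unsupported requirement: {req}")

def select(req, available, policy):
    """Pick the newest or the oldest published version that matches req."""
    ok = sorted((ver for ver in available if matches(req, ver)), key=parse)
    if not ok:
        return None
    return ok[-1] if policy == "newest" else ok[0]

def replay(req, policy, timeline):
    """Re-resolve after every publication. Returns [(day, selected, flagged)]."""
    available, flagged, history = [], set(), []
    for day, version, bad in timeline:
        available.append(version)
        if bad:
            flagged.add(version)
        chosen = select(req, available, policy)
        history.append((day, chosen, chosen in flagged))
    return history

# Versions and "!" markers are from the slides; the day numbers are constructed.
EVENT_STREAM = [(0, "3.3.4", False), (1, "3.3.5", False), (2, "3.3.6", True)]
D_FIX = [(0, "1.0.0", True), (1, "1.0.1", False)]

if __name__ == "__main__":
    cases = [("^3.0.0", "newest", EVENT_STREAM),  # open: follows 3.3.6 automatically
             ("=3.3.5", "newest", EVENT_STREAM),  # pinned: stays on 3.3.5
             ("^1.0.0", "newest", D_FIX),         # open: picks up the fix
             ("=1.0.0", "newest", D_FIX),         # pinned: stays on the affected version
             (">=1.0.0", "oldest", D_FIX)]        # oldest match: needs a requirement bump
    for req, policy, timeline in cases:
        print(req, policy, replay(req, policy, timeline))
```

The same open requirement that delivers the D 1.0.1 fix without any action also delivers event-stream 3.3.6, while the pin that avoids 3.3.6 also holds the project on D 1.0.0.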

5. Effective dependency management requires scalable solutions

Solutions
[Figure labels: Dependency Management, OSSF Scorecard, Dependency Monitoring, osv-scanner, Vulnerability Scanning, oss-fuzz, SBOM Generation, Sigstore, Project, Allstar, SLSA]
Image source: security.googleblog.com/2023/07/supply-chain-security-for-go-part-3.html

Scan continuously: osv-scanner in action

Guided remediation with osv-scanner
Source: opensource.googleblog.com

Package health: OpenSSF Scorecard

Package health: deps.dev website

Scan continuously: deps.dev API
docs.deps.dev/api

BigQuery dataset

In conclusion...
● Dependency resolution is complicated
● Dependency graphs are big and change over time
● Dependency management affects vulnerability remediation
● Effective dependency management requires scalable solutions

Links
● Deps.dev
○ docs.deps.dev/api
○ docs.deps.dev/bigquery
● osv.dev
● securityscorecards.dev
● slsa.dev
● github.com/google/oss-fuzz
● sigstore.dev
● Send us feedback: depsdev@google.com
