FOSDEM, February 1-2, 2020, Brussels

February 1-2, 2020
Brussels, Belgium


We are happy and proud to announce that FASTEN is coordinating at FOSDEM 2020 a developer room on the topic of Dependency Management.
Date: Saturday afternoon, from 15:00 to 19:00.
Room: UD2.119

Link to the CALL FOR PARTICIPATION. The call is now closed (deadline December 5).


ABSTRACT: A popular form of software reuse involves linking open source software (OSS) libraries hosted on centralized code repositories, such as Maven, PyPI or NPM. Developers only need to declare dependencies on external libraries, and automated tools make them available to the workspace of the project. As recent events such as the LeftPad incident, which caused hundreds of thousands of websites to stop working, and the Equifax data breach, which led to a leak of hundreds of thousands of credit card numbers, have demonstrated, dependencies on networks of external libraries can introduce significant operational and compliance risks, and make security implications difficult to assess.
What to do about that? What are the existing solutions and their limits? What future improvements can we expect from industry or from research? This devroom is dedicated to discussing software dependencies and package dependency networks: issues, solutions and best practices.
This devroom will provide an opportunity for everyone to meet and exchange ideas about dependency management issues, challenges and solutions.


  • 15:00 - 15:30 - FASTEN: Scaling static analyses to ecosystem, Georgios Gousios, Researcher, TUDelft
  • 15:30 - 16:00 - There's no sustainability problem in FOSS, Except that there is, Carol Smith, Senior Program Manager in the Open Source Programs Office, Microsoft and Duane O'Brie, Head of Open Source at
  • 16:00 - 16:30 - Comparing dependency management issues across packaging ecosystems, Tom Mens, Software Engineering Lab, University of Mons, Belgium
  • 16:30 - 17:00 - Building Confidence & Overcoming Insecurity, The ultimate software supply chain self-help guide, Jeff McAffer, Senior Director of Product, GitHub
  • 17:00 - 17:30 - Precise, cross-project code navigation at GitHub scale, Douglas Creager, Manager of Semantic Code team at GitHub
  • 17:30 - 18:00 - Spack's new Concretizer: Dependency solving is more than just SAT!, Todd Gamblin, Senior Principal Member, Livermore Computing at Lawrence Livermore National Laboratory
  • 18:00 - 18:45 - Package managers: resolve differences. Lively panel discussion on package management, William Bartholomew, Product Manager on the Security and Compliance team at GitHub

Find more information on the FOSDEM website (no registration is needed to join FOSDEM sessions).