February 6-7, 2021
We are happy and proud to announce that FASTEN is coordinating a developer room on Dependency Management at FOSDEM 2021.
Date: Sunday February 7, from 10:00 to 14:00.
Room: Online
Read the details of the CALL FOR PARTICIPATION and submit your proposals. Deadline: December 23. The call is now closed.
Join the session on February 7 at 10:00am, video, Q&A and chat available.
Abstract: As open source continues its incredible growth, reusing open source software components has become essential in any software development cycle. The flip side of this success is that managing the security, regression and licensing risks introduced by reused components has become a critical issue for developers. Most development teams still fail to adequately inventory their software dependencies, and the indirect (transitive) dependencies they rarely look at continue to undermine security and account for the majority of vulnerabilities.
As demonstrated by widely discussed events such as the left-pad incident, in which the removal of a tiny npm package caused hundreds of thousands of websites to stop working, and the Equifax data breach, in which an unpatched Apache Struts dependency led to the leak of hundreds of thousands of credit card numbers, networks of external libraries can introduce significant operational and compliance risks and make security implications hard to assess.
What recent advances in dependency management have been made available to developers? What are the remaining key challenges? What future improvements can we expect from industry or from research?
This Devroom aims to establish the state of the art in dependency management. It builds upon the success of last year's Devroom, to which it will constitute a welcome update.
10:00-10:45: Software Ecosystems as Networks - Advances on the FASTEN project, Paolo Boldi, Milano University
10:45-11:30: DepClean: Automatically revealing bloated software dependencies in Maven projects, César Soto Valero, KTH University, Sweden
11:30-12:15: Lost in Zero Space - Can we trust depending on packages with major version zero?, Tom Mens, University of Mons, Belgium
12:15-12:45: Early warning signs for open source breakages - Using crowd feedback from dependency automation as an early warning indicator, Rhys Arkins, WhiteSource Software
12:45-13:20: As Strong as the Weakest Link - Securing the Software Supply Chain, Brendan O'Leary, GitLab
13:20-14:00: Reusing dependencies across ecosystems: what stands in the way?, Todd Gamblin, Lawrence Livermore National Laboratory
Abstract of FASTEN presentation: The goal of the EU project FASTEN is to enable a more sophisticated analysis of security-vulnerability propagation, licensing compliance and dependency risk profiles (among others) by relying on the call-level dependency network of the whole software ecosystem, rather than on package-level dependency declarations alone. We outline the purpose and structure of the project and present some preliminary results.
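The following is an added illustration of the point made in the abstract; it is not FASTEN code and uses a constructed toy ecosystem (package names, function names and the assumed vulnerable function are all hypothetical). Package-level propagation flags every package that transitively depends on the package shipping a vulnerable function, while call-level propagation walks the reversed call graph and flags only packages from which the vulnerable function is actually reachable. In the constructed data, "app" depends on "zlib" but never reaches the assumed-vulnerable "zlib:inflate", so it is a false positive at package level and is dropped at call level.

```python
from collections import defaultdict, deque

# Constructed toy ecosystem for illustration only (not FASTEN data).
# Package-level dependency graph: package -> direct dependencies.
DEPS = {
    "app":  {"web", "json"},
    "web":  {"http", "json"},
    "http": {"zlib"},
    "json": set(),
    "zlib": set(),
}

# Constructed call graph across the same packages: caller -> callees.
# Nodes are written "package:function" so the owning package is recoverable.
CALLS = {
    "app:main":     {"web:serve", "json:dumps"},
    "web:serve":    {"http:get", "json:loads"},
    "web:static":   {"http:get_gz"},
    "http:get":     {"zlib:crc32"},
    "http:get_gz":  {"zlib:inflate"},
    "json:dumps":   set(),
    "json:loads":   set(),
    "zlib:crc32":   set(),
    "zlib:inflate": set(),
}

# Hypothetical vulnerability: assume zlib's inflate() is the flawed function.
VULNERABLE_FUNCS = {"zlib:inflate"}


def pkg_of(func: str) -> str:
    """Package that owns a 'package:function' node."""
    return func.split(":", 1)[0]


def transitive_deps(pkg: str, deps: dict) -> set:
    """All packages reachable from pkg through the dependency graph (pkg itself excluded)."""
    seen, todo = set(), deque(deps.get(pkg, ()))
    while todo:
        d = todo.popleft()
        if d not in seen:
            seen.add(d)
            todo.extend(deps.get(d, ()))
    return seen


def package_level_affected(deps: dict, vulnerable_funcs: set) -> set:
    """Package-level propagation: flag every package whose transitive dependency
    closure contains a package that ships a vulnerable function."""
    vuln_pkgs = {pkg_of(f) for f in vulnerable_funcs}
    return {p for p in deps if transitive_deps(p, deps) & vuln_pkgs}


def call_level_affected(calls: dict, vulnerable_funcs: set) -> dict:
    """Call-level propagation: walk the reversed call graph from the vulnerable
    functions; a package is affected only if one of its functions can reach them.
    Returns {package: {function: call path down to the vulnerable function}}."""
    callers = defaultdict(set)
    for caller, callees in calls.items():
        for callee in callees:
            callers[callee].add(caller)
    paths = {f: [f] for f in vulnerable_funcs}
    todo = deque(vulnerable_funcs)
    while todo:
        f = todo.popleft()
        for c in callers[f]:
            if c not in paths:
                paths[c] = [c] + paths[f]
                todo.append(c)
    affected = defaultdict(dict)
    for f, path in paths.items():
        if f not in vulnerable_funcs:
            affected[pkg_of(f)][f] = path
    return dict(affected)


if __name__ == "__main__":
    print("package-level:", sorted(package_level_affected(DEPS, VULNERABLE_FUNCS)))
    for pkg, funcs in sorted(call_level_affected(CALLS, VULNERABLE_FUNCS).items()):
        for f, path in funcs.items():
            print(f"call-level: {pkg} via {' -> '.join(path)}")
```

The call-level result also carries the call path, which is what a maintainer needs in order to decide whether the flagged code is actually exercised. Note that reachability in a static call graph is an over-approximation: dynamic dispatch, reflection or plugins can hide edges, so "not reachable" in the graph is evidence, not proof.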
Find more about the Dependency Management Devroom on FOSDEM website.
Visit us on the OW2 Virtual booth and chat with the FASTEN team!