February 6-7, 2021


We are happy and proud to announce that FASTEN is coordinating a developer room on Dependency Management at FOSDEM 2021.
Date: Sunday February 7
Room: Online

The CALL FOR PRESENTATIONS is now closed; the submission deadline was December 23. The accepted talks are listed in the schedule below.


Abstract: As open source continues its remarkable growth, reusing open source components has become essential in every software development cycle. The counterpart to this success is that managing the security, regression and licensing risks created by reusing existing components has become a critical issue for developers. Most development teams still fail to adequately inventory their software dependencies, and indirect (transitive) dependencies, which those teams rarely look at, continue to undermine security and account for the majority of vulnerabilities.
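To make the inventory problem concrete, here is an added example (not part of the devroom material or of any FASTEN tool) that walks an npm lockfile (lockfileVersion 2, "packages" map) and classifies every resolved package as direct or transitive, records which parent pulled it in, and flags packages still at major version 0. The lockfile is constructed for the example; the package names and versions in it are made up and do not describe any real project.

```python
import json
from collections import deque

# Constructed sample lockfile (npm lockfileVersion 2 "packages" map).
# Names and versions are invented for illustration only.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 2,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0",
         "dependencies": {"web-framework": "^4.0.0", "left-pad": "^1.3.0"}},
    "node_modules/web-framework": {"version": "4.17.1",
         "dependencies": {"body-parser": "1.19.0", "cookie": "0.4.0", "qs": "6.7.0"}},
    "node_modules/body-parser": {"version": "1.19.0",
         "dependencies": {"qs": "6.5.2"}},
    "node_modules/body-parser/node_modules/qs": {"version": "6.5.2"},
    "node_modules/cookie": {"version": "0.4.0"},
    "node_modules/qs": {"version": "6.7.0"},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}
""")


def resolve(packages, from_path, dep_name):
    """Return the lockfile path that satisfies dep_name for the package at from_path.

    Mirrors Node's module lookup: the nearest nested node_modules directory
    wins, then we walk up one level at a time until the top-level one.
    Returns None if no entry satisfies the dependency (a broken lockfile).
    """
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep_name}" if base else f"node_modules/{dep_name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Drop the last "/node_modules/<name>" segment to move up one level.
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx >= 0 else ""


def inventory(lock):
    """Breadth-first walk from the root package over runtime "dependencies".

    Only the "dependencies" field is followed (not devDependencies,
    optionalDependencies or peerDependencies), so the result is the set of
    packages that actually ship with the application. Each entry records the
    resolved version, its depth (1 = direct), the parent that required it and
    whether it is still at major version 0.
    """
    packages = lock["packages"]
    seen = {}
    queue = deque(("", dep, 1, None) for dep in packages[""].get("dependencies", {}))
    while queue:
        from_path, dep, depth, parent = queue.popleft()
        path = resolve(packages, from_path, dep)
        if path is None:
            raise ValueError(f"{dep!r} required by {parent or 'root'} is missing from the lockfile")
        if path in seen:
            continue  # the same install may be reached by several parents
        entry = packages[path]
        seen[path] = {
            "name": dep,
            "version": entry["version"],
            "depth": depth,
            "via": parent,
            "zero_major": entry["version"].split(".")[0] == "0",
        }
        for child in entry.get("dependencies", {}):
            queue.append((path, child, depth + 1, dep))
    return seen


def summarize(inv):
    """Group the inventory into direct, transitive and major-zero packages.

    Entries are keyed as name@version because the same package can be
    installed at several versions (nested node_modules), and an inventory
    that lists only names would hide that.
    """
    key = lambda e: f"{e['name']}@{e['version']}"
    return {
        "direct": sorted(key(e) for e in inv.values() if e["depth"] == 1),
        "transitive": sorted(key(e) for e in inv.values() if e["depth"] > 1),
        "zero_major": sorted(key(e) for e in inv.values() if e["zero_major"]),
    }


if __name__ == "__main__":
    for group, items in summarize(inventory(SAMPLE_LOCK)).items():
        print(f"{group}: {items}")
```

Running it against the constructed lockfile lists two direct and four transitive packages, with `qs` appearing twice at different versions and `cookie@0.4.0` flagged as major-zero. The point of the walk is the ratio: most of what ends up in the build is never named in the application's own manifest.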

As demonstrated by much discussed events such as the left-pad (npm) incident, which caused hundreds of thousands of websites to stop working, and the Equifax data breach, which leaked hundreds of thousands of credit card numbers through an unpatched Apache Struts dependency, depending on networks of external libraries can introduce significant operational and compliance risks and make security implications hard to assess.

What recent progress in dependency management has been made available to developers? What are the remaining key challenges? What future improvements can we expect from industry or from research?

This Devroom aims to establish the state of the art in dependency management. It builds upon the success of last year's Devroom, to which it will constitute a welcome update.


10:00 - 10:45: FASTEN Intelligent Package Management, Paolo Boldi, University of Milan
10:45 - 11:30: DepClean: Automatically revealing bloated software dependencies in Maven projects, César Soto Valero, KTH Royal Institute of Technology, Sweden
11:30 - 12:15: Lost in Zero Space (Can we trust depending on packages with major version zero?), Tom Mens, University of Mons, Belgium
12:15 - 12:45: Early warning signs for open source breakages (Using crowd feedback from dependency automation as an early warning indicator), Rhys Arkins, WhiteSource
12:45 - 13:20: As Strong as the Weakest Link (Securing the Software Supply Chain), Brendan O'Leary, GitLab
13:20 - 14:00: Reusing dependencies across ecosystems: what stands in the way?, Todd Gamblin, Lawrence Livermore National Laboratory

Find out more about the Dependency Management Devroom on the FOSDEM website.

Site maintained by OW2