Name: Episode AI: The Phantom (Dependency) Menace - Darren Meyer, Endor Labs
Start: 2024-10-22T15:10:00-0400
End: 2024-10-22T15:40:00-0400

October 22-23, 2024 | Atlanta, Georgia USA
View More Details & Registration

The Sched app allows you to build your schedule but is separate from your event registration. You must be registered for SOSS Fusion 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Eastern Daylight Saving Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

Tuesday October 22, 2024 3:10pm - 3:40pm EDT

Skelton

OSS dependencies don't always come from carefully-managed manfiests and lockfiles -- sometimes they're phantoms. This pattern is especially common for AI and ML projects. If you're to manage these dependencies (for ops, for compliance/accurate SBOMs, for vuln management, etc.) then you need to understand how they enter your environment, and how to find them.
This presentation discusses why and how phantom dependencies are used, why they're so much more common in AI and ML projects, and vendor-neutral tactics for identifying and associating them correctly to your applications.

Speakers

Darren Meyer

Staff Research Engineer, Endor Labs

Darren has over 18 years in AppSec as a practitioner, researcher, developer-champion, and leader. He brings his passion for resiliency in socio-technical systems to the AppSec ecosystem for work, and obsesses over coffee for play.

Tuesday October 22, 2024 3:10pm - 3:40pm EDT
Skelton

SW Development + OSS

SOSS Fusion 2024

Darren Meyer

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!