BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//AGTJWH
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-CDJP3Z@pretalx.com
DTSTART;TZID=CET:20260507T093500
DTEND;TZID=CET:20260507T101500
DESCRIPTION:In the original Matrix movie\, Neo learned Kung Fu through an u
 pload.  Imagine if your ML could learn the same way.  That's what a pickle
  file does for ML - "I KNOW KUNG FU" or whatever was in the file that was 
 supposed to be "learned" by your ML model.\nWhat if there was a plot twist
  where Agent Smith tampered with the Kung Fu module so that it included a 
 fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was
  trying to find an exit?\nThat's what's happening in Pickle Files\, and
  that's the setup for ML and AI.\n\nThis talk will step through the threat\
 , some examples\, and emerging detection capabilities.  You will KNOW Kung
  Fu when it's over.
DTSTAMP:20260412T011335Z
LOCATION:IFEN room 2\, Workshops and AI Security Village  (Building D)
SUMMARY:Death By Pickle: "Python's Betrayal ML" - Kadi McKean\, Frithjof Ho
 ffmann
URL:https://pretalx.com/bsidesluxembourg-2026/talk/CDJP3Z/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-XMJTXP@pretalx.com
DTSTART;TZID=CET:20260507T141000
DTEND;TZID=CET:20260507T144500
DESCRIPTION:Open source software is the ultimate neighborhood party—doors
  open\, music playing\, people bringing their best dishes (or code). Proje
 cts grow fast\, the energy is contagious\, and everyone benefits from the 
 collective creativity. But in every good party\, there’s risk: the frien
 d-of-a-friend-of-a-friend who slips in unnoticed\, doesn’t follow the ho
 use rules\, and eventually leaves you with a hole in the drywall.\n\nIn th
 e open source world\, that’s dependency hell. It starts with a package y
 ou trust—but that package has its own dependencies\, which have their ow
 n dependencies\, and somewhere deep in that chain lurks outdated\, vulnera
 ble\, or even malicious code. You didn’t invite it\, you don’t know it
 ’s there\, but it’s living in your codebase rent-free. And attackers l
 ove this—because if they compromise just one small link in that long cha
 in\, they can crash your entire project.\n\nIn this session\, we’ll dig
  into the messy reality of dependency hell and its role in software supply
  chain security incidents. We’ll examine real-world examples where hidden
  or neglected dependencies became the entry point for compromise\, from ty
 posquatting attacks to maintainer account takeovers. We’ll explore why i
 t’s not just about malicious intent—sometimes the “bad guest” is s
 imply an abandoned project with known CVEs that no one bothered to patch.
DTSTAMP:20260412T011335Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:Managing Uninvited Guests: Securing Open Source Dependencies - Kadi
  McKean\, Frithjof Hoffmann
URL:https://pretalx.com/bsidesluxembourg-2026/talk/XMJTXP/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-7DGVSU@pretalx.com
DTSTART;TZID=CET:20260508T094000
DTEND;TZID=CET:20260508T102000
DESCRIPTION:Imagine curating an art gallery—you wouldn’t hang just any
  painting on the wall. Each piece is carefully selected\, verified for auth
 enticity\, and preserved to ensure a valuable experience for visitors. The
  same meticulous approach applies to software development.\nSecure curatio
 n of open source isn’t about stifling creativity\; it’s about ensuring
  that the dependencies we bring into our applications are secure\, well-ma
 intained\, and reliable. As an art curator protects against forgeries and 
 deterioration\, developers must assess third-party components for malware\
 , tampering\, vulnerabilities\, licensing risks\, and long-term sustainabi
 lity.\nThis talk will explore why curation is the foundation of secure sof
 tware supply chains. We’ll discuss practical strategies for evaluating d
 ependencies\, maintaining a trusted repository\, and leveraging free tools
  to automate the process. By adopting a safe curation mindset\, developers
  can sleep better at night\, knowing their applications rest on a foundati
 on of safe\, high-quality components.
DTSTAMP:20260412T011335Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:Curating Secure Software: The Art of Selecting Safe Dependencies - 
 Kadi McKean\, Frithjof Hoffmann
URL:https://pretalx.com/bsidesluxembourg-2026/talk/7DGVSU/
END:VEVENT
END:VCALENDAR
