2026-05-07 –, Workshops and Stage - Gernsback (C1.05.02)
Open source software is the ultimate neighborhood party—doors open, music playing, people bringing their best dishes (or code). Projects grow fast, the energy is contagious, and everyone benefits from the collective creativity. But in every good party, there’s risk: the friend-of-a-friend-of-a-friend who slips in unnoticed, doesn’t follow the house rules, and eventually leaves you with a hole in the drywall.
In the open source world, that’s dependency hell. It starts with a package you trust, but that package has its own dependencies, which have their own dependencies, and somewhere deep in that chain lurks outdated, vulnerable, or even malicious code. You didn’t invite it, you don’t know it’s there, but it’s living in your codebase rent-free. And attackers love this: if they compromise just one small link in that long chain, every project that pulls it in transitively inherits the compromise.
In this session, we’ll dig into the messy reality of dependency hell and its role in software supply chain security incidents. We’ll examine real-world examples where hidden or neglected dependencies became the entry point for compromise, from typosquatting attacks to maintainer account takeovers. We’ll explore why it’s not just about malicious intent—sometimes the “bad guest” is simply an abandoned project with known CVEs that no one bothered to patch.
Open source is like a house party—everyone’s invited. But dependency hell is that friend-of-a-friend-of-a-friend who puts a hole in the wall. One rogue package can take down your whole project. Learn how to spot and block unwanted guests before they trash your software supply chain.
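As an added illustration (not part of the talk or of any ReversingLabs tooling), here is a small Python audit that walks a constructed lockfile's transitive dependency graph and flags the three kinds of "bad guest" the abstract names: a package with a known advisory, an abandoned package whose last release is older than a threshold, and a package whose name is one edit away from a popular package (a typosquat suspect). The lockfile, release dates and advisory text are constructed for the example; the only real names are the well-known packages used as the "popular" reference list.

```python
from datetime import date

# Constructed lockfile: each package maps to the packages it requires.
# "my-app" is the project root; everything else is pulled in transitively.
LOCKFILE = {
    "my-app": ["requests", "fast-log", "yaml-lite"],
    "requests": ["urllib3", "charset-guess"],
    "fast-log": ["colorana"],
    "yaml-lite": ["charset-guess"],
    "urllib3": [],
    "charset-guess": [],
    "colorana": [],
}

# Constructed metadata: date of each package's most recent release.
LAST_RELEASE = {
    "requests": date(2025, 9, 1),
    "fast-log": date(2024, 1, 15),
    "yaml-lite": date(2019, 6, 30),
    "urllib3": date(2025, 11, 3),
    "charset-guess": date(2018, 2, 12),
    "colorana": date(2025, 12, 20),
}

# Constructed advisory feed (hypothetical entry, not real CVE data).
ADVISORIES = {
    "yaml-lite": ["unsafe default loader allows code execution on untrusted input"],
}

# Widely used package names that a typosquat would try to imitate.
POPULAR = {"requests", "urllib3", "colorama", "chardet"}

# Reference date for the staleness check (the session date, fixed for determinism).
AUDIT_DATE = date(2026, 5, 7)


def resolve_transitive(lockfile, root):
    """Breadth-first walk from root; returns {package: path_from_root}."""
    paths = {}
    queue = [(root, [root])]
    while queue:
        name, path = queue.pop(0)
        for dep in lockfile.get(name, []):
            if dep in paths:
                continue  # already reached via a path at least as short
            paths[dep] = path + [dep]
            queue.append((dep, paths[dep]))
    return paths


def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(root, lockfile, last_release, advisories, popular, today, stale_years=3):
    """Flag every transitive dependency that is advisory-listed, stale or a typosquat suspect."""
    cutoff = today.replace(year=today.year - stale_years)
    findings = []
    for name, path in resolve_transitive(lockfile, root).items():
        reasons = []
        for text in advisories.get(name, []):
            reasons.append("advisory: " + text)
        released = last_release.get(name)
        if released is None:
            reasons.append("stale: no release metadata")
        elif released < cutoff:
            reasons.append("stale: last release " + released.isoformat())
        if name not in popular:
            for known in sorted(popular):
                if edit_distance(name, known) == 1:
                    reasons.append("typosquat-suspect: looks like " + known)
        if reasons:
            findings.append({"name": name, "depth": len(path) - 1,
                             "path": path, "reasons": reasons})
    # Shallow findings first: a direct dependency is the easiest to act on.
    return sorted(findings, key=lambda f: (f["depth"], f["name"]))


if __name__ == "__main__":
    for f in audit("my-app", LOCKFILE, LAST_RELEASE, ADVISORIES, POPULAR, AUDIT_DATE):
        print(" -> ".join(f["path"]))
        for r in f["reasons"]:
            print("    " + r)
```

The path recorded for each finding is the point of the exercise: `charset-guess` never appears in the project's own manifest, yet it is reached through `requests` and again through `yaml-lite`, so removing one direct dependency would not remove it. A real run would read the lockfile and release dates from the package index and the advisory list from a vulnerability feed rather than from the constructed dictionaries above.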
I’m a technical sales engineer and cybersecurity professional specializing in software supply-chain security, threat intelligence, and risk management. Based in Moormerland, Germany, I combine deep technical expertise with a strategic, customer-focused approach to help organizations gain visibility, reduce risk, and strengthen resilience across their software ecosystems.
At ReversingLabs, I work with customers and partners across Europe to implement scalable, intelligence-driven solutions that address the growing challenges of modern software development and supply-chain integrity. My work covers areas such as Software Bill of Materials (SBOM) management, malware analysis, and advanced file and binary inspection.
I’m passionate about translating complex cybersecurity topics into clear, actionable strategies that align with business goals. I focus on turning cybersecurity from a reactive defense into a proactive enabler of innovation. I also enjoy engaging in conversations about the evolving threat landscape, the future of software trust, and how automation and AI can strengthen cyber defense.
My goal is to help organizations build not just safer software, but stronger security cultures, where transparency, collaboration, and continuous improvement are at the center of every initiative.