BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//XMJTXP
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-XMJTXP@pretalx.com
DTSTART;TZID=CET:20260507T141000
DTEND;TZID=CET:20260507T144500
DESCRIPTION:Open source software is the ultimate neighborhood party—doors
  open\, music playing\, people bringing their best dishes (or code). Proje
 cts grow fast\, the energy is contagious\, and everyone benefits from the 
 collective creativity. But in every good party\, there’s risk: the frien
 d-of-a-friend-of-a-friend who slips in unnoticed\, doesn’t follow the ho
 use rules\, and eventually leaves you with a hole in the drywall.\n\nIn th
 e open source world\, that’s dependency hell. It starts with a package y
 ou trust—but that package has its own dependencies\, which have their ow
 n dependencies\, and somewhere deep in that chain lurks outdated\, vulnera
 ble\, or even malicious code. You didn’t invite it\, you don’t know it
 ’s there\, but it’s living in your codebase rent-free. And attackers l
 ove this—because if they compromise just one small link in that long cha
 in\, they can crash your entire project.\n\nIn this session\, we’ll dig 
 into the messy reality of dependency hell and its role in software supply 
 chain security incidents. We’ll examine real-world examples where hidden
  or neglected dependencies became the entry point for compromise\, from ty
 posquatting attacks to maintainer account takeovers. We’ll explore why i
 t’s not just about malicious intent—sometimes the “bad guest” is s
 imply an abandoned project with known CVEs that no one bothered to patch.
DTSTAMP:20260412T024821Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:Managing Uninvited Guests: Securing Open Source Dependencies - Kadi
  McKean\, Frithjof Hoffmann
URL:https://pretalx.com/bsidesluxembourg-2026/talk/XMJTXP/
END:VEVENT
END:VCALENDAR