2025-09-14, Ballroom 1
Number 5 will shock you!
Forget what you think you know about robust dependency graphs, the security gains of living at Head, and those supposedly solid requirements.txt files. We'll get down to the nitty-gritty of open source security, using real-world, large-scale data to surface common misconceptions across programming ecosystems.
While it’s true that there is only one dependency graph (for you) (*right now), it’s not always understood what impact this can have at an ecosystem level.
We’ve got ecosystem-level stats on just how many PURLs (package URLs) map to multiple different packages, dependency graphs that shift faster than you can type git commit, and some surprises with Git (im)mutability!
We will talk about vulnerabilities in your transitive dependencies, understanding what even ARE your dependencies, and trying to identify what that one (*for certain values of one) CVE you were supposedly affected by actually is. (Not to mention what, if anything, you can do about it.)
You’ll leave this talk with a better understanding of open source edge cases and just how common they are. You’ll be shocked, amazed, horrified, and hopefully a little optimistic about the state of open source security and your place within it.
We all make assumptions about our builds and dependencies, but those can lead to misunderstandings and surprises. We aim to test these assumptions by highlighting unexpected things we’ve learned from analysing the world’s open source code, leading to a common understanding of what makes this space so complex and ambiguous.
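As an added illustration of the "only one dependency graph (right now)" point, not code from the talk or its speaker: a stdlib-only Python script with a constructed, offline package index snapshotted at two moments. The package names, versions, dependency edges and "hashes" are invented for the demo, and the resolver is a greedy stand-in for pip's, not pip's algorithm. The same one-line requirements.txt resolves to a different transitive set at each snapshot, and only the hash-pinned lock detects that the bytes behind an unchanged name@version have changed.

```python
"""Added example (not part of the talk): why "only one dependency graph
(right now)" is a real problem.  A constructed, offline package index is
snapshotted at two moments; the same unhashed requirements.txt resolves
to different transitive sets at each, and only the hash-pinned lock
detects that an artifact changed under an unchanged name@version."""
import copy
import re

# Constructed index, one per snapshot: name -> {version: (sha256, [requirements])}.
# Names, versions and "hashes" are invented for the demo.
INDEX_T0 = {
    "webapp":     {"1.0.0": ("aaa1", ["httpclient>=2.0,<3"])},
    "httpclient": {"2.0.0": ("bbb1", ["urlparse>=1.0"]),
                   "2.1.0": ("bbb2", ["urlparse>=1.0", "tls>=1.0"])},
    "urlparse":   {"1.0.0": ("ccc1", [])},
    "tls":        {"1.0.0": ("ddd1", [])},
}

# A moment later: new releases appear, and a mirror serves a different
# artifact for an unchanged urlparse 1.0.0 (same PURL, different bytes).
INDEX_T1 = copy.deepcopy(INDEX_T0)
INDEX_T1["httpclient"]["2.2.0"] = ("bbb3", ["urlparse>=1.0", "tls>=1.1"])
INDEX_T1["tls"]["1.1.0"] = ("ddd2", [])
INDEX_T1["urlparse"]["1.0.0"] = ("ccc9", [])

REQUIREMENTS = ["webapp==1.0.0"]  # what most requirements.txt files look like

OPS = {
    "==": lambda a, b: a == b,
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">":  lambda a, b: a > b,
    "<":  lambda a, b: a < b,
}

def vkey(version):
    """Numeric-only versions for the demo; PEP 440 is far richer."""
    return tuple(int(p) for p in version.split("."))

def parse_req(line):
    """'httpclient>=2.0,<3 --hash=sha256:xyz' -> (name, [(op, version)], hash_or_None)."""
    spec_part, _, digest = line.strip().partition(" --hash=sha256:")
    name, spec = re.match(r"^([A-Za-z0-9_.-]+)(.*)$", spec_part).groups()
    clauses = []
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        op = clause[:2] if clause[:2] in OPS else clause[:1]
        clauses.append((op, clause[len(op):].strip()))
    return name, clauses, (digest.strip() or None)

def satisfies(version, clauses):
    return all(OPS[op](vkey(version), vkey(want)) for op, want in clauses)

def resolve(req_lines, index):
    """Greedy newest-wins walk of the transitive graph (no backtracking).
    This is a stand-in for pip's resolver, enough to show the drift."""
    constraints, chosen = {}, {}
    queue = [parse_req(line)[:2] for line in req_lines if line.strip()]
    while queue:
        name, clauses = queue.pop(0)
        constraints.setdefault(name, []).extend(clauses)
        candidates = [v for v in index.get(name, {}) if satisfies(v, constraints[name])]
        if not candidates:
            raise LookupError(f"nothing satisfies {name} {constraints[name]}")
        best = max(candidates, key=vkey)
        if chosen.get(name) == best:
            continue
        chosen[name] = best
        queue.extend(parse_req(dep)[:2] for dep in index[name][best][1])
    return chosen

def lock(resolved, index):
    """Hash-pinned lines: the form that names exactly one graph of artifacts."""
    return [f"{n}=={v} --hash=sha256:{index[n][v][0]}" for n, v in sorted(resolved.items())]

def verify_lock(lock_lines, index):
    """Names whose pinned hash no longer matches the artifact the index serves."""
    mismatched = []
    for line in lock_lines:
        name, clauses, digest = parse_req(line)
        version = clauses[0][1]
        served = index.get(name, {}).get(version, (None,))[0]
        if served != digest:
            mismatched.append(name)
    return mismatched

if __name__ == "__main__":
    at_t0 = resolve(REQUIREMENTS, INDEX_T0)
    at_t1 = resolve(REQUIREMENTS, INDEX_T1)
    print("T0:", at_t0)
    print("T1:", at_t1)  # httpclient and tls moved; nobody touched requirements.txt
    locked = lock(at_t0, INDEX_T0)
    print("lock drift at T1:", verify_lock(locked, INDEX_T1))  # ['urlparse']
```

The point the script makes: `webapp==1.0.0` pins one node, not a graph, so the transitive set is whatever the index happens to serve when you resolve. The hash-pinned lock is the check a practitioner wants, because it is the only form that fails loudly when the artifact behind an unchanged name and version is not the one you resolved against. Real tooling (`pip-compile --generate-hashes`, `pip install --require-hashes`) does this with real digests; the toy resolver here exists only to make the drift visible offline.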
This talk will cover information about Python as well as many other programming environments.
Nicky describes herself as a recovering academic with a background in Computational Linguistics, and a recovering startup edtech founder. She co-founded Tech Inclusion, a technology education not-for-profit, and Grok Learning: a startup teaching hundreds of thousands of students to solve problems with code, before joining Big Tech where she currently works as a Product Manager in open source security.
Named one of Australia's inaugural “Superstars of STEM” and one of the AFR's “Women of Influence”, Nicky is passionate about teaching the next generation to become the creators of tomorrow, while building a healthy, diverse community for them to thrive in.