Kirill Tribunskii
Kirill Tribunskii is a Python Development Lead focused on the architecture and development of reliable backend systems for ML-driven fintech services. His work centers on making large distributed systems maintainable, keeping CI/CD pipelines dependable, and treating everyday engineering discipline as the foundation for long-term project health. He enjoys attending meetups and conferences to connect with tech and security professionals, exchange ideas, and explore innovative approaches to development.
Session
Every modern Python project depends on dozens (sometimes hundreds) of third-party packages. Each of them can, and regularly does, receive security advisories, patches, or CVEs. Even if you “just build business logic”, you inherit all the risks of your supply chain.
This talk is a practical introduction for early-career developers: why dependency security matters, how to audit your environment with pip-audit, what went wrong in several real CVEs found in 2025, and how to build a lightweight but reliable patching workflow without breaking your production environment.
Perfect for anyone who wants to level up their engineering maturity, avoid supply-chain surprises, and understand what it really takes to keep dependencies updated sustainably.
