BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//python-asia-2026//talk//HS97ZU
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1
TZNAME:PST
TZOFFSETFROM:+0800
TZOFFSETTO:+0800
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-python-asia-2026-HS97ZU@pretalx.com
DTSTART;TZID=PST:20260322T153000
DTEND;TZID=PST:20260322T160000
DESCRIPTION:Every modern Python project depends on dozens (sometimes hundre
 ds) of third-party packages. Each of them can - and regularly does - recei
 ve security advisories\, patches\, or CVEs. Even if you “just build busi
 ness logic”\, you inherit all the risks of your supply chain.\nThis talk
  is a practical introduction for early-career developers: why dependency s
 ecurity matters\, how to audit your environment with pip-audit\, what went
  wrong in several real CVEs found in 2025\, and how to build a lightweight
  but reliable patching workflow without breaking your production environme
 nt.\nPerfect for anyone who wants to level up their engineering maturity\,
  avoid supply-chain surprises\, understand what it really takes to keep de
 pendencies updated sustainably.
DTSTAMP:20260501T082212Z
LOCATION:Teresa Yuchengco Auditorium (Main Hall)
SUMMARY:pip-audit: dozens of vulnerabilities after - Kirill Tribunskii
URL:https://pretalx.com/python-asia-2026/talk/HS97ZU/
END:VEVENT
END:VCALENDAR
