Session: 2 for 1: Beyond passwords: Secure authentication with passkeys / Hidden Depths: problems and solutions in fixing advisories in your dependencies
Beyond passwords: Secure authentication with passkeys – Remy Bertot
Step into the future of authentication. In this session, we will explore passkeys as a replacement for passwords. Discover the advantages of passkeys over traditional authentication methods and gain insights into the future of passkeys. It won’t be without its challenges. Don’t worry! Together, we will fearlessly explore the potential pitfalls of passkeys and gain valuable knowledge on overcoming these obstacles. Join us to see how the future of passkeys promises convenience and unparalleled protection.
Hidden Depths: problems and solutions in fixing advisories in your dependencies – Josie Anugerah
How many dependencies does your open source project have?
How many vulnerabilities are in your dependency graph?
How regularly do you remediate advisories in your dependency graph?
Can you trust the owners of each of your dependencies to promptly fix any newly-reported vulnerabilities deep into the graph?
Our analysis at deps.dev revealed that the average npm package has 12 direct dependencies, but nearly 300 indirect dependencies. That is too many dependencies for a single maintainer to vet manually. To make matters more difficult, these graphs change. About 20% of PyPI packages change their dependency graphs multiple times per week.
All of this makes vulnerability remediation in your dependency graph an understandably daunting task. It’s also a task fraught with more computational difficulties than it might seem.
By attending this session, you will not just learn about the challenges of advisory management, but also gain data-driven insight into advisory management best practices. You’ll leave with practical tools to help you better remediate your open source advisories and the different approaches you can take to better manage your dependencies.