In person

OWASP - LA Monthly Meet-up In-Person, June 2024

What's in your AI code?

Learn why every SCA tool is wrong, and how to deal with it.
Join us for great networking, dinner and drinks, and see a presentation by Darren Meyer, Staff Research Engineer at Endor Labs.

With the rise of AI-fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python’s dependency management system coupled with its dynamic type nature makes it an especially challenging language to deal with.

Of particular focus is the phenomenon of phantom dependencies which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.

Date
June 26, 2024
Time
5.30 pm PDT to 8.30 pm PDT
Location
North America

Sign up now

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Event Overview

Schedule

No items found.

Heading

No items found.

Want to stay in the loop?

Sign up for our newsletter.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.