
Details

TOPIC: What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.
Join us for great networking, dinner and drinks, and see a presentation by Darren Meyer, Lead Solution Architect at Endor Labs.

ABSTRACT: With the rise of AI fueled by Python-based libraries, it has become paramount to scan Python projects and their dependencies for OSS vulnerabilities. Python relies on package managers such as pip or conda to manage declared dependencies. Dependencies are declared in manifest files, which the package manager uses to install the correct version of each required dependency. However, Python's dependency management system, coupled with its dynamically typed nature, makes it an especially challenging language to analyze.

Of particular focus is the phenomenon of phantom dependencies: dependencies a project actually uses but never reports in its manifest. These hidden dependencies are often provided dependencies (especially so for libraries such as tensorflow and pytorch, which are essential for AI work), and they challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.
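Added example, not from the talk or from Endor Labs: a minimal phantom-dependency check that compares the top-level modules a source file imports against the distributions declared in a requirements.txt-style manifest. The sample manifest, sample source and the distribution-to-import-name map are constructed here for illustration.

```python
import ast
import re
import sys

# Constructed sample manifest (requirements.txt style); not from any real project.
SAMPLE_REQUIREMENTS = """
numpy>=1.24
torch==2.1.0 ; python_version >= "3.9"
# comment lines and environment markers must be ignored
"""

# Constructed sample source file that imports more than the manifest declares.
SAMPLE_SOURCE = """
import numpy as np
import torch
from PIL import Image   # provided by the 'pillow' distribution, not declared
import yaml             # provided by 'pyyaml', not declared
import os, json         # standard library, never a dependency
"""

# Distribution name -> import name where they differ (hand-maintained here; a real
# tool would read installed package metadata via importlib.metadata).
IMPORT_NAME_OF = {"pillow": "PIL", "pyyaml": "yaml", "scikit-learn": "sklearn"}

# sys.stdlib_module_names exists from Python 3.10; fall back to a small set otherwise.
STDLIB = getattr(sys, "stdlib_module_names", None) or {"os", "sys", "json", "re", "ast"}

def declared_modules(requirements_text):
    """Import names implied by each requirement line (comments and markers stripped)."""
    names = set()
    for line in requirements_text.splitlines():
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line.split("#", 1)[0].strip())
        if match:
            dist = match.group(0).lower()
            names.add(IMPORT_NAME_OF.get(dist, dist.replace("-", "_")))
    return names

def imported_top_level(source_text):
    """Top-level modules pulled in by absolute import statements."""
    modules = set()
    for node in ast.walk(ast.parse(source_text)):
        if isinstance(node, ast.Import):
            modules.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            modules.add(node.module.split(".")[0])
    return modules

def phantom_dependencies(source_text, requirements_text):
    """Third-party imports with no manifest entry: invisible to a manifest-only SCA scan."""
    undeclared = imported_top_level(source_text) - declared_modules(requirements_text)
    return sorted(m for m in undeclared if m not in STDLIB)
```

Running `phantom_dependencies(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS)` reports `PIL` and `yaml`: both are imported, neither is declared, so a scanner that trusts the manifest alone would never look up their vulnerabilities.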

Thanks to our Sponsor: Endor Labs
Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.

Thanks to our Host: HiveWatch
Intelligent, efficient, and scalable security
HiveWatch is a cloud-based SaaS platform built for physical security teams to enhance their current security technologies. It streamlines incident response, allows for the consolidation of disparate programs and systems, and reduces false alarms.

SPONSORSHIP Opportunities Available
*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*

CODE OF CONDUCT
We hope you enjoy the event. We care deeply about inclusivity and diversity, so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or concerns, or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy


Sponsors

OWASP - LA (sponsorship.la@owasp.org)
Wallarm: API Security and AI agents
Contrast Security: Application Detection and Response for Modern Enterprises
Kodem: Helping AppSec Teams Make Security a Priority
Arnica: AppSec made simple: pipelineless detection and secret mitigation
Endor Labs: Secure open source software without the dev productivity tax
DefectDojo: The platform and product that enables scalable security
Cato Networks: One platform to connect all edges, everywhere
Checkmarx: Securing the Applications Driving Our World
Mend.io: Equips your dev and security teams with tools to build a mature AppSec program
