Name: October meetup: What's in your AI code?
Start: 2024-10-01T17:30:00-05:00
End: 2024-10-01T19:30:00-05:00
Location: 6160 Summit Dr N

**What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.**
**Darren Meyer, Staff Research Engineer, Endor Labs**

With the rise of AI-fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python’s dependency management system coupled with its dynamic type nature makes it an especially challenging language to deal with.

Of particular focus is the phenomenon of phantom dependencies which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.

Approximate agenda (U.S. Central Time):
5:30 - Doors open; socializing/connecting, food, OWASP announcements
6:00 - Presentation

Please remember to register and keep your registration up to date so we know how many to expect.

Nathan Larson

Zoa Buske

kiran sharma

OWASP MSP Chapter

OWASP® Foundation 

Technology

Software Development

OWASP

Application Security

Software Security

Computer Security

Web Application Security

Darren is an AppSec nerd of over 20 years, during which he’s built security programs large and small, been a security researcher, led research and AppSec and IR teams, and advised AppSec startups. Before that, he worked as a software developer and in a variety of IT roles. Through it all, there has been coffee and Star Wars.

OWASP MSP Chapter

October meetup: What's in your AI code?

OWASP MSP Chapter

Details

Members are also interested in