In person

OWASP MSP October Meetup

Join us at OWASP MSP October Meetup!

Date: October 1, 2024
Time: 5:30 PM to 7:30 PM CDT
Location: North America


Event Overview

We’re excited to feature Darren Meyer, Staff Research Engineer at Endor Labs, at the upcoming OWASP MSP October Meetup. He will present an insightful session titled “What’s in Your AI Code? Learn Why Every SCA Tool is Wrong, and How to Deal with It.”

Session Overview:

With the rise of AI, fueled by Python-based libraries, it has become critically important to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files, which the package manager uses to install the correct version of each required dependency. However, Python’s dependency management system, coupled with its dynamically typed nature, makes it an especially challenging language to deal with.

Of particular focus is the phenomenon of phantom dependencies: dependencies that go unreported in a project's manifest. These hidden dependencies are often provided dependencies (especially true for libraries such as tensorflow and pytorch, which are essential for AI). They challenge software composition analysis (SCA) of Python code and impact the reliability of vulnerability results.

Join us to learn how to navigate these challenges and enhance your understanding of securing AI applications against unseen threats.
