Join us in Reston for the OWASP NoVA Chapter May 2024 meetup!
Location: 11955 Democracy Dr · Reston, VA
What's in your AI code?
Learn why SCA tools are wrong, and how to deal with it
With the rise of AI applications built on Python libraries, scanning Python projects and their dependencies for known open-source (OSS) vulnerabilities has become essential. Python relies on package managers such as pip or conda to manage declared dependencies: they are listed in manifest files (for example requirements.txt, pyproject.toml or a conda environment.yml), which the package manager uses to install the required version of each package. However, Python's dependency management model, combined with its dynamic typing, makes it an especially challenging language for software composition analysis (SCA): what a project actually imports at runtime does not always match what its manifest declares.
In this session, Nate Michelov will talk about:
- The basics of open source dependency management
- Unique problems that come with Python, including Python-based AI applications
- Phantom dependencies
- How traditional SCA tools work
- How program analysis provides superior SCA coverage
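As an illustration of the "phantom dependency" problem the talk covers, here is a small checker that compares what a Python source file actually imports against what its requirements.txt declares. It is an added example written for this page, not code from the speaker or from any SCA product. The sample source and manifest are constructed, the import-name to distribution-name table is a hand-picked subset (assumption), and the stdlib module list falls back to a few names when `sys.stdlib_module_names` (Python 3.10+) is unavailable.

```python
"""Phantom-dependency check: imports used in source vs. packages declared in a manifest."""
from __future__ import annotations

import ast
import re
import sys

# Import name -> distribution name for packages whose import name differs from
# the name written in requirements.txt. Illustrative subset only (assumption);
# a real tool needs the full mapping, usually derived from installed metadata.
IMPORT_TO_DIST = {
    "yaml": "PyYAML",
    "sklearn": "scikit-learn",
    "cv2": "opencv-python",
    "PIL": "Pillow",
}

# Python 3.10+ exposes the standard-library module names; older versions get a stub set.
STDLIB = set(getattr(sys, "stdlib_module_names", {"os", "sys", "json", "re", "ast"}))

_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def declared_packages(requirements_text: str) -> set[str]:
    """Parse a requirements.txt body into normalized distribution names."""
    names = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and options like -r / --index-url
            continue
        m = _REQ_NAME.match(line)
        if m:
            names.add(normalize(m.group(1)))
    return names


def imported_top_level(source: str) -> set[str]:
    """Top-level module names imported anywhere in a source file (absolute imports only)."""
    mods = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                mods.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom):
            if node.level == 0 and node.module:  # relative imports are project-local
                mods.add(node.module.split(".")[0])
    return mods


def _third_party_dists(source: str, local_modules=()) -> dict[str, str]:
    """Map each third-party import in the source to its normalized distribution name."""
    return {
        mod: normalize(IMPORT_TO_DIST.get(mod, mod))
        for mod in imported_top_level(source)
        if mod not in STDLIB and mod not in local_modules
    }


def phantom_dependencies(source: str, requirements_text: str, local_modules=()) -> set[str]:
    """Imports that resolve to third-party packages the manifest never declares.

    These are invisible to a manifest-only SCA scan, yet their vulnerabilities ship."""
    declared = declared_packages(requirements_text)
    return {mod for mod, dist in _third_party_dists(source, local_modules).items()
            if dist not in declared}


def unused_declared(source: str, requirements_text: str, local_modules=()) -> set[str]:
    """Declared packages the source never imports: manifest-only SCA reports their CVEs anyway."""
    used = set(_third_party_dists(source, local_modules).values())
    return declared_packages(requirements_text) - used


# Constructed sample input for the example (not from a real project).
SAMPLE_SOURCE = """
import os, json
import numpy as np
import yaml
from sklearn.model_selection import train_test_split
from transformers import AutoModel
from . import utils
"""

SAMPLE_REQUIREMENTS = """
# constructed manifest
numpy==1.26.4
PyYAML>=6.0
torch>=2.0 ; python_version >= "3.9"
-r dev-requirements.txt
"""

if __name__ == "__main__":
    print("phantom (imported, not declared):", sorted(phantom_dependencies(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS)))
    print("declared, never imported:", sorted(unused_declared(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS)))
```

On the constructed sample, `sklearn` and `transformers` are phantoms (imported but absent from the manifest, so a manifest-driven scanner would never flag a vulnerable scikit-learn or transformers release), while `torch` is declared but never imported, the mirror-image false positive. The `yaml` import only resolves correctly because of the alias table, which is exactly the gap a tool that compares raw names would fall into.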