Could a few lines of code f@#k it all up?

March 2016. An open source developer unpublishes his package, left-pad, from the public npm registry. Shortly thereafter, several large organizations feel the impact: Facebook, AirBnB and others experience errors that break the functionality of their services, because packages depending on "left-pad" no longer install or run.

Today we embrace both the open source community and the growth of open source projects, modules and packages, but dependencies, and the dependencies of those dependencies, can become a risk, or even an attack vector we did not foresee. Could there be other cases of common and popular open source packages depending on modules that might not be there tomorrow, or, even worse, that could be maliciously modified?

Join us for an insightful session that will reveal our research on this topic, where you will learn:

• Which common open source packages might not be there tomorrow, and how that can affect you
• How the packages you use could be maliciously modified, and what impact that would have on your app
• The risks introduced by hybrid application development
• How intertwined and complex dependencies have become

Outline:

The presentation is based on our research and details the failures that can arise from the huge number of open source projects and their intertwined dependency structure.

1. What the world of open source projects looks like today
2. Who uses open source and why
3. Research results regarding dependency structures
4. How it impacts the business of the internet
   a. Do vendors check each dependency in the open source projects they use?
   b. Do vendors protect themselves?
   c. How much damage could a small change make?
   d. Can someone create mass damage by compromising a single GitHub account?
5. Conclusions and summary

Attendees will learn:

1. What to watch out for when using open source projects.
2. How to make sure you are not impacted by changes you don't control.
3. An understanding of open source dependency structures.

Why it's important:

The subject of code and project dependencies has never received enough attention when it comes to security. Just recently we saw the impact a single package of 11 lines of code had on some of the largest organizations globally. Our research will expose how real the risk is and how much of an impact it can have globally. The cool thing about this research is that it shows that significant damage can be done even without being a professional hacker.
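The outline's questions "How much damage could a small change make?" and "Can someone create mass damage by compromising a single account?" both come down to the blast radius of one package: the set of packages that transitively depend on it and would therefore break if it were unpublished, or execute attacker code if it were maliciously modified. The following Node.js script is an added example, not the speakers' research code or any tool described in the talk. It walks a dependency graph both forwards (what a package pulls in) and backwards (who depends on it) and ranks packages by blast radius. The graph is constructed for illustration; all package names in it are made up except "left-pad", which is used only as the historical reference point. The lock-file helper assumes a lockfileVersion 1 package-lock.json whose entries are all hoisted to the top level, which is a simplification noted in the code.

```javascript
// Added example (not from the talk or its authors): blast-radius analysis of
// a dependency graph. A package's blast radius is every package that
// transitively depends on it, i.e. everything that breaks if it disappears or
// runs attacker code if it is maliciously modified.

// Constructed sample graph: package -> [direct dependency names].
// All names are invented except "left-pad", the historical reference.
const SAMPLE_GRAPH = {
  "my-app": ["web-framework", "cli-tool"],
  "web-framework": ["template-engine", "string-utils"],
  "cli-tool": ["arg-parser", "string-utils"],
  "template-engine": ["string-utils", "html-escape"],
  "arg-parser": ["string-utils"],
  "html-escape": [],
  "string-utils": ["left-pad"],
  "left-pad": [],
};

// Everything `pkg` pulls in, directly or transitively. Cycle-safe (npm graphs
// can contain cycles), and never reports `pkg` as its own dependency.
function transitiveDeps(graph, pkg) {
  const seen = new Set();
  const stack = [...(graph[pkg] || [])];
  while (stack.length) {
    const dep = stack.pop();
    if (dep === pkg || seen.has(dep)) continue;
    seen.add(dep);
    for (const next of graph[dep] || []) stack.push(next);
  }
  return seen;
}

// Invert the edges: package -> [packages that directly depend on it].
function reverseGraph(graph) {
  const rev = {};
  for (const pkg of Object.keys(graph)) rev[pkg] = rev[pkg] || [];
  for (const [pkg, deps] of Object.entries(graph)) {
    for (const dep of deps) (rev[dep] = rev[dep] || []).push(pkg);
  }
  return rev;
}

// Blast radius: the set of packages that transitively depend on `pkg`.
function blastRadius(graph, pkg) {
  return transitiveDeps(reverseGraph(graph), pkg);
}

// Rank every package by blast radius; `share` is the fraction of the other
// packages in the graph that a removal or compromise of `pkg` would reach.
function rankByBlastRadius(graph) {
  const total = Object.keys(graph).length;
  return Object.keys(graph)
    .map((pkg) => {
      const dependents = [...blastRadius(graph, pkg)].sort();
      return { pkg, dependents, share: total > 1 ? dependents.length / (total - 1) : 0 };
    })
    .sort((a, b) => b.dependents.length - a.dependents.length || a.pkg.localeCompare(b.pkg));
}

// Build the same graph shape from a lockfileVersion 1 package-lock.json.
// Assumption (simplification): every package is hoisted to the top-level
// "dependencies" object; nested "dependencies" blocks for un-hoisted
// duplicate versions are ignored. `rootDeps` are the root package.json
// dependency names, which lock v1 does not record separately.
function graphFromLockV1(lock, rootName, rootDeps) {
  const graph = { [rootName]: [...rootDeps] };
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    graph[name] = Object.keys(entry.requires || {});
  }
  return graph;
}

// Human-readable report, returned rather than printed so it can be reused.
function report(graph) {
  return rankByBlastRadius(graph)
    .map((r) => `${r.pkg.padEnd(16)} reaches ${r.dependents.length} package(s): ${r.dependents.join(", ") || "-"}`)
    .join("\n");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(report(SAMPLE_GRAPH));
}
```

In the sample graph the eight-line "left-pad" sits at the bottom of the tree, yet it reaches six of the seven other packages: everything except the leaf "html-escape" is in its blast radius. Run against a real lock file via graphFromLockV1, the same ranking shows which tiny, rarely inspected packages your application cannot live without.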