2023-03-13 –, Stage 1
The dependency graphs of modern applications greatly demonstrate how we build software today – we focus on our unique innovation and deal with common challenges by leveraging existing solutions. Though that’s a fine software development approach, each third-party component we use drags along dependencies that drag along their dependencies, and we end up with tons of known and unknown dependencies which could get us into legal and security trouble.
To identify and mitigate risks, we need increased knowledge of all software assets, choosing dependency wisely, tacking changes, and timely updating them.
In this talk we are going to explore the legal and security dependency management challenges and argue that risk management planning is better than crisis management.
Radoslava Zheleva (“Radi” to friends and family) is an Open Source Compliance Program Manager in VMware’s Open Source Program Office, where she oversees license compliance and mitigates potential legal risks around licensing. She holds a master’s in law and in international business. Before joining VMware in 2018, she worked as a project manager at Micro Focus and as an Account Business Manager at DXC Technology and Hewlett Packard Enterprise. In her personal time, she loves spending time with her husband and baby girl. And for fun and mental health, she loves kickboxing.
Velichka is a Senior Open Source Engineering Manager in VMware’s Open Source Program Office where she thrives exploring the innovation capabilities and collaborative power of open source.
Before joining VMware in 2019, she spent more than a decade working for a large international financial institution, rising from a junior .NET engineer to the head of the software development department in Sofia, Bulgaria. Over the years, she has engaged in all aspects of the software development lifecycle and gained considerable knowledge and experience in Project and People Management.
Velichka lives in Sofia with her partner and is raising two smart and self-confident young ladies.