Overview
Learn about the challenges and solutions in managing dependency vulnerabilities in a technical presentation from Google engineers. Explore the complexities of keeping dependencies updated, particularly in older projects, and discover how the OSV project's "guided remediation" feature helps automate updates while minimizing system breakages. Understand the intricacies of vulnerability management across npm and Maven ecosystems, including scanning project files, resolving dependencies with complex rules, determining viable updates, and implementing file modifications. Gain insights into prioritization strategies like vulnerability dependency depth and techniques for handling multiple vulnerability fixes simultaneously.
Syllabus
Trials and Tribulations of Updating Dependencies for Vulnerability... - Xueqin Cui & Michael Kedar
Taught by
Linux Foundation