Session

All about dependencies

Modern software is built on dependencies. They accelerate delivery, extend capabilities, and allow teams to focus on differentiation. But every import is an architectural decision with long-term consequences. Beneath the convenience of package managers lie transitive vulnerabilities, maintenance risks, hidden operational costs, license exposure, performance trade-offs, and ecosystem fragility.
The real cost of adopting a dependency is the probability of failure multiplied by its impact. What seems efficient today can become technical debt tomorrow when maintainers disappear, APIs shift unexpectedly, governance models change, or security flaws surface deep in transitive trees. Systems that must live for years inherit not just functionality but assumptions about threading, memory, serialization, and lifecycle management.
In regulated environments shaped by the EU Cyber Resilience Act, dependency decisions intersect with secure-by-design and secure-by-default obligations, SBOM transparency, and supply chain accountability. However, dependency risk is not merely an infrastructure or compliance problem. It is a core software engineering concern. Architectural boundaries, upgrade strategies, abstraction choices, and test isolation determine whether a dependency can be replaced, patched, or contained when it fails. These are design decisions made in code, not policies written in audit documents.
This session reframes dependency management as strategic engineering rather than administrative hygiene. We examine how to evaluate long-term sustainability, assess project health beyond popularity metrics, manage upgrade fatigue, design for replaceability, and build systems that remain adaptable as ecosystems evolve.
Dependencies are not downloads. They are commitments that shape system behavior, resilience, and long-term ownership. This talk equips teams to choose them deliberately, responsibly, and with sustained engineering stewardship in mind.

Elevator Pitch
Every dependency you introduce is an architectural commitment that shapes your system’s risk, resilience, and long-term maintainability.
This session shows why dependency management is a core software engineering discipline and how to treat external code as a deliberate, auditable design decision rather than a convenience.

Ixchel Ruiz

Karakun AG

Basel, Switzerland
