Pass the SALT 2026

Zero Dependencies sounds great... until you try to share your code for the security good.
2026-07-01, Amphitheater 122

The Rust ecosystem is often praised for its "harmonized chaos" of crates, but a new trend is emerging in security-critical tools: the total avoidance of dependencies. While projects like sudo-rs aim to reduce the supply chain attack surface, this architectural choice comes with a cost. During my PhD work on RootAsRole, I discovered that dependency minimisation leads to monolithic designs where security logic is tightly coupled to use-cases.

This talk explores the friction between security-hardened isolation and the community’s need for reusable, battle-tested components. When we refuse to depend on others, we stop contributing to shared building blocks. We end up reinventing the wheel, forking unmaintained libraries, and scattering security expertise across dozens of "independent" forks. I will share many insights about the Good, the Bad and the Ugly.

PhD in Cybersecurity. Open-source enjoyer.
