BEGIN:VCALENDAR
PRODID;X-RICAL-TZSOURCE=TZINFO:-//com.denhaven2/NONSGML ri_cal gem//EN
CALSCALE:GREGORIAN
VERSION:2.0
BEGIN:VTIMEZONE
TZID:Europe/Berlin
X-LIC-LOCATION:Europe/Berlin
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:19700329T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:19701025T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTEND;TZID=Europe/Berlin;VALUE=DATE-TIME:20260815T110000
DTSTART;TZID=Europe/Berlin;VALUE=DATE-TIME:20260815T100000
DTSTAMP;TZID=Europe/Berlin;VALUE=DATE-TIME:20260705T174813
UID:71c13c59-2b0a-4b76-9111-b7c17d7f6a4a@frab.froscon.org
DESCRIPTION:Every modern PHP application is built on a foundation of thir
 d-party packages\, each with its own dependencies and its own trust assu
 mptions. Recent supply chain attacks in neighbouring ecosystems have mad
 e it painfully clear that what ends up in your vendor directory matters 
 as much as the code you write yourself.\n\nFor years\, the PHP ecosystem
  relied on informal tooling to keep vulnerable packages out: reports pri
 nted after an install had already completed\, and a clever abuse of the 
 dependency resolver's conflict rules to make known-bad versions uninstal
 lable. Recent Composer versions have replaced both with something strong
 er: advisory enforcement has moved into the resolver itself\, and the sa
 me machinery has been generalised so that malware flags\, policy rules\,
  and whatever category comes next can plug into the same pipeline.\n\nTh
 is talk walks through the PHP software stack's supply chain from the bot
 tom up. Where does advisory data come from\, and how is it aggregated? H
 ow do resolver-level blocking and filter lists actually work? How do the
 y relate to\, and supersede\, the older tooling? Where can the new defau
 lts bite you in ways a passive audit never did? And what should both app
 lication developers and maintainers do today?
URL:https://programm.froscon.org/2026/events/3475.html
SUMMARY:Supply Chain Security in the PHP Ecosystem
ORGANIZER:froscon2026
LOCATION:froscon2026 - HS 7
END:VEVENT
END:VCALENDAR
