Talk by Cheng Chai
LeSS Conference Amsterdam 2026
Dependency management is often treated as a routine technical concern — a list of libraries in a configuration file. But in large-scale software systems, dependencies extend far beyond package versions. They include compilers, build tools, environments, configurations, infrastructure, and every hidden input that influences the final product.
In this talk, Cheng Fang explores the deeper complexity of dependency management through a real-world story involving the security audit of a massive telecom system. The investigation raised three fundamental questions:
Answering these questions reveals a core challenge in modern software engineering:
Trust must be designed into the engineering system itself.
Drawing from large-scale industry experience, this session introduces a practical framework built around three key practices.
Breaking large systems into explicit, well-defined build units with complete dependency boundaries.
Ensuring deterministic and reproducible builds so that the same inputs always produce identical outputs.
Generating traceable “birth certificates” for every artifact, proving exactly how and from what it was produced.
Through concrete examples from large-scale telecom and autonomous driving systems, Cheng shows how explicit dependency management can transform chaotic build systems into predictable, scalable engineering platforms.
This talk is particularly relevant for engineers and leaders working with large products, complex build pipelines, and long-lived software systems.
LeSS Conference Amsterdam 2026
https://less.works
