diff --git a/lectures/16_automatization.md b/lectures/16_automatization.md index 83dae14..99715d8 100644 --- a/lectures/16_automatization.md +++ b/lectures/16_automatization.md @@ -560,7 +560,7 @@ just decrease the work by automatizing trivial tasks - Apple's "goto fail" issue is officially called CVE-2014-1266 - GitHub [Dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide) - uses package manager - - e.g., cargo (Rust), npm (JS), nuget (C#), maven (Java), pip (Python) + - e.g., cargo (Rust), npm (JS), nuget (C#), maven (Java), poetry (Python) - checks dependencies for vulnerabilities ::::::::: @@ -602,6 +602,23 @@ GitLab also has a similar solution ::: +## dependencies + +:::::::::::: {.columns} +::::::::: {.column width="60%" .mt-4} +- choose carefully the software packages / components your software will depend on +- use well maintained software modules +- unmaintained modules have potential vulnerabilities +- aim for loose coupling regarding the dependency + - makes it easier to replace if needed +::::::::: +::::::::: {.column width="40%"} +![[Dependency](https://xkcd.com/2347/) by Randall Munroe | [CC BY-NC 2.5](https://creativecommons.org/licenses/by-nc/2.5/)](figures/borrowed/xkcd/dependency_2x.png){width=350} + +::::::::: +:::::::::::: + + # interruption :::::::::::: {.columns} diff --git a/lectures/figures/borrowed/xkcd/dependency_2x.png b/lectures/figures/borrowed/xkcd/dependency_2x.png new file mode 100644 index 0000000..c4c2650 Binary files /dev/null and b/lectures/figures/borrowed/xkcd/dependency_2x.png differ
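Review bot: In the first hunk (the `- e.g., cargo (Rust), ...` bullet under Dependabot), swapping `pip (Python)` for `poetry (Python)` drops the name Dependabot itself uses: its Python ecosystem is configured as `package-ecosystem: "pip"`, and that one ecosystem covers pip requirements files, pipenv, pip-compile and poetry lockfiles. Since the bullet lists the package managers Dependabot understands, keeping `pip` (or writing `pip / poetry (Python)`) is more accurate than replacing it, and it stays consistent with the other entries, which name the ecosystem rather than one build tool.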
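Review bot: In the second hunk (the new `## dependencies` slide), the bullet `- unmaintained modules have potential vulnerabilities` states the risk imprecisely: every module has potential vulnerabilities; what distinguishes an unmaintained one is that reported vulnerabilities are not fixed, so a Dependabot alert on it has no upgrade to offer. Suggest `- unmaintained modules do not get fixes for known vulnerabilities`, which also ties the slide back to the Dependabot material it follows. Two smaller points: `choose carefully the software packages / components ...` reads more naturally as `choose the software packages / components your software will depend on carefully`, and the two blank lines left before `# interruption` differ from the single blank line used between the other slide blocks in the surrounding context.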