We Make Python Safer Than Ever - Cheuk Ting Ho, OpenSSF & Seth Michael Larson, Python Software Foundation
Python is one of the programming languages with a huge open-source supply chain: there are over 400,000 packages on the Python Package Index (PyPI) and many more on other registries. Keeping PyPI and the wider Python ecosystem secure is a huge job that requires consistent contributions. Thanks to OpenSSF's Alpha-Omega project, the PSF now has a Security Developer-in-Residence, whose responsibilities include a security audit of the PyPI codebase and infrastructure, improving security practices, and establishing metrics on security posture to show impact. In this talk, the PSF Security Developer-in-Residence himself will describe the effort that has gone in so far and the plans to make Python safer. A member of the PSF board of directors will also discuss what this means for the Python community and how we, as community members, can contribute to the effort.
Outline:
- Introduction of the OpenSSF Alpha-Omega project and the role of PSF Security Developer-in-Residence
- Challenges that the Python ecosystem is facing
- CPython and PyPI have come a long way and this is how we get here
- What else can be done? Onwards to the future of CPython and PyPI
- Why is it important to do this?
- As a Python user, what can I do?