100 Most Popular Courses for November

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Secure Software Supply Chains for Python

PyCon US via YouTube

Start learning Write review

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Grab it
Explore the critical topic of secure software supply chains in Python during this PyCon US talk. Delve into the robust ecosystem of open-source Python packages and the security challenges they present. Examine common supply chain attacks, including man-in-the-middle, typosquatting, and dependency confusion. Learn about protective measures such as HTTPS implementation, lockfile usage, and vulnerability notifications. Discover potential improvements to enhance ecosystem security, including package signing, audited repositories, and the Update Framework. Gain insights into the importance of funding open-source projects and the implementation of namespaces on PyPI to strengthen the overall Python software supply chain.

Syllabus

Intro
Secure Software Supply Chains for Python PyCon US 2021
Developer Advocate @ Google • Director @ Python Software Foundation • Maintainer @ Python Package Index
Software Supply Chain Everything it takes to produce your software
Secure Software Supply Chain What is it?
Supply Chain Attacks Let's see some examples
Supply Chain Attack: Man-in-the-middle
Supply Chain Attack: Typosquatting
Supply Chain Attack: Dependency Confusion
Supply Chain Attack: Being a target of "research"
Supply Chain Attack: Getting SolarWinded
What we can do: HTTPS everywhere
What we can do: Use lockfiles
Version pins • Hashes X • Full dependency tree
An underused workflow Compiled Dependencies
What can we prevent with lockfiles?
What we can do: Vulnerability notifications
Improvemnt: Package Signing
Improvement: Fully audited/curated
Improvement: The slow but inevitable death of setup.py
Improvement: The Update Framework
Improvement: Namespaces on PyPI
Improvement: More funding for projects

Taught by

PyCon US

Reviews

Start your review of Secure Software Supply Chains for Python

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.