Talks - Cheuk Ting Ho: Making Python safer than ever
Learn how Python is evolving to meet modern security needs through 2FA requirements, malware detection, vulnerability monitoring, and essential best practices for developers.
- Python's diverse user base (data scientists, students, government workers) creates unique security challenges, since many users lack a formal software engineering background
- Two-factor authentication (2FA) is now mandatory for all PyPI accounts, protecting the ability to publish and maintain packages
- Common security risks in the package supply chain include:
  - Name confusion attacks (typosquatting and other look-alike package names)
  - Unmaintained or outdated dependencies
  - Compromised legitimate packages (e.g. via a hijacked maintainer account)
  - Untracked dependencies (transitive packages nobody pins or reviews)
  - License compliance issues
- The Python Software Foundation (PSF) has hired full-time security engineers (a Security Developer-in-Residence working on CPython and a Safety & Security Engineer for PyPI)
- Key security improvements include:
  - The PSF Advisory Database (machine-readable advisories for CPython and PSF projects, published in OSV format)
  - Improved malware detection on PyPI
  - Faster response to reported vulnerabilities (under 60 minutes)
  - CPython releases signed with Sigstore
  - Package verification tools
- Best practices for users:
  - Keep dependencies up to date
  - Use package management tools that pin and lock versions
  - Subscribe to security advisories for the packages and Python versions you use
  - Verify software authenticity (signatures and hashes) before installing
  - Enable 2FA everywhere, not just on PyPI
- Organizations should:
  - Educate employees on secure development and dependency hygiene
  - Support the open source projects they depend on
  - Implement security audits
  - Publish with PyPI Trusted Publishers (OIDC-based, so CI needs no long-lived API tokens)
  - Monitor vulnerability databases
- The Python ecosystem now provides tools such as:
  - pip-audit for checking installed dependencies against known vulnerabilities
  - Software Bill of Materials (SBOM) support
  - Integration with the OSV (Open Source Vulnerabilities) database
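What pip-audit and the OSV integration actually do is compare an installed version against the `affected[].ranges[].events` lists in OSV-format advisories. The following is an added example, not code from pip-audit or the PSF, that performs that matching offline on a constructed advisory. The package name `examplepkg`, the advisory id `EXAMPLE-2024-0001` and the installed inventory are fictional; the event shape (`introduced` / `fixed` / `last_affected`) is the real OSV schema.

```python
"""Match an installed-package inventory against OSV-format advisories offline.

Added example for the pip-audit / OSV bullet above; not code from pip-audit
or the PSF. The advisory, package names and versions are constructed.
"""
import re
from typing import Optional

# Constructed OSV-format advisory. Real ones come from https://osv.dev or the
# PSF advisory database; only the event shape below is taken from the schema.
ADVISORIES = [
    {
        "id": "EXAMPLE-2024-0001",                                # fictional id
        "summary": "examplepkg: unsafe deserialisation in load()",  # constructed
        "affected": [
            {
                "package": {"ecosystem": "PyPI", "name": "examplepkg"},
                "ranges": [{"type": "ECOSYSTEM",
                            "events": [{"introduced": "0"}, {"fixed": "1.4.3"}]}],
            },
            {
                "package": {"ecosystem": "PyPI", "name": "examplepkg"},
                "ranges": [{"type": "ECOSYSTEM",
                            "events": [{"introduced": "2.0.0"}, {"fixed": "2.0.2"}]}],
            },
        ],
    },
]

# Constructed 'pip freeze'-style inventory, keyed by normalised project name.
INSTALLED = {"examplepkg": "1.4.2", "otherpkg": "3.1.0"}


def normalize(name: str) -> str:
    """PEP 503 normalisation so advisory and inventory names compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> tuple[int, ...]:
    """Simplified dotted-numeric parsing (assumption: no pre-releases, epochs
    or local versions). Real tools use packaging.version for full PEP 440.
    OSV's '0' sentinel means 'from the first release'."""
    return tuple(int(part) for part in v.split("."))


def version_in_range(version: str, events: list[dict]) -> bool:
    """OSV semantics: affected if some 'introduced' <= version and version is
    below the next 'fixed' (or <= 'last_affected'); an 'introduced' with no
    following bound is open-ended."""
    v = parse_version(version)
    lower: Optional[tuple[int, ...]] = None
    for ev in events:
        if "introduced" in ev:
            lower = parse_version(ev["introduced"])
        elif lower is not None:
            if "fixed" in ev and lower <= v < parse_version(ev["fixed"]):
                return True
            if "last_affected" in ev and lower <= v <= parse_version(ev["last_affected"]):
                return True
            lower = None
    return lower is not None and v >= lower


def audit(installed=INSTALLED, advisories=ADVISORIES) -> list[dict]:
    """Return one finding per (package, advisory) whose installed version is
    inside an affected range, with the fix versions above the installed one."""
    findings = []
    for adv in advisories:
        for entry in adv["affected"]:
            pkg = entry["package"]
            if pkg.get("ecosystem") != "PyPI":
                continue
            name = normalize(pkg["name"])
            if name not in installed:
                continue
            version = installed[name]
            for rng in entry.get("ranges", []):
                if rng["type"] not in ("ECOSYSTEM", "SEMVER"):
                    continue  # GIT ranges need commit history, not versions
                if version_in_range(version, rng["events"]):
                    fixes = [e["fixed"] for e in rng["events"]
                             if "fixed" in e and parse_version(e["fixed"]) > parse_version(version)]
                    findings.append({"package": name, "version": version,
                                     "id": adv["id"], "fix_versions": fixes})
                    break  # one finding per advisory entry is enough
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"{f['package']}=={f['version']}: {f['id']} (fixed in {', '.join(f['fix_versions']) or 'no fix yet'})")
```

In practice you do not write this yourself: `pip-audit` queries the PyPI JSON API or OSV for each installed distribution and applies the same range logic, and it exits non-zero when anything matches, which is what makes it usable as a CI gate. The point of the example is the matching rule, in particular that a version equal to `fixed` is not affected and that an `introduced` without a `fixed` is still open.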