
Secure Software Supply Chains for Python

PyCon US via YouTube

Overview

This course covers understanding and securing the Python software supply chain: what the common Python supply chain looks like, the attack methods used against it, and ways to protect it. It also introduces tools and methodologies that strengthen supply-chain security and discusses potential improvements to the ecosystem. The teaching method combines an exploration of supply-chain concepts, demonstrations of attack examples, and proposals for security enhancements. The intended audience includes Python developers, software engineers, and anyone interested in cybersecurity and open-source software development.

Syllabus

Intro
Secure Software Supply Chains for Python PyCon US 2021
Developer Advocate @ Google • Director @ Python Software Foundation • Maintainer @ Python Package Index
Software Supply Chain Everything it takes to produce your software
Secure Software Supply Chain What is it?
Supply Chain Attacks Let's see some examples
Supply Chain Attack: Man-in-the-middle
Supply Chain Attack: Typosquatting
Supply Chain Attack: Dependency Confusion
Supply Chain Attack: Being a target of "research"
Supply Chain Attack: Getting SolarWinded
What we can do: HTTPS everywhere
What we can do: Use lockfiles
Version pins • Hashes X • Full dependency tree
An underused workflow Compiled Dependencies
What can we prevent with lockfiles?
What we can do: Vulnerability notifications
Improvement: Package Signing
Improvement: Fully audited/curated
Improvement: The slow but inevitable death of setup.py
Improvement: The Update Framework
Improvement: Namespaces on PyPI
Improvement: More funding for projects

Taught by

PyCon US
