Every graph of Python open source has been up and to the right over the past year, both the good (code, packages, releases, users) and the bad (malware, attacks on open source projects and infrastructure, and vulnerabilities). Building security infrastructure for the Python ecosystem is a challenge of ever-increasing scale.
This talk will cover successes from the past year to secure the Python Package Index, the Python programming language, and the ever-growing collection of Python packages the ecosystem depends on thanks to Alpha-Omega’s investment in security at the Python Software Foundation.
This talk will also detail the many future opportunities for open source security through the intentional application of traditional tools with advanced and pre-release generative AI models. Technological advancements often cut both ways: generative AI models also present new challenges for open source security, including shortening time-to-exploit for attackers and destabilizing established practices of vulnerability reporting and remediation.
Alpha-Omega's mission is to protect society by catalyzing sustainable security improvements to the most critical open source software projects and ecosystems. Funded by Amazon AWS, Google, Microsoft, Citi, Anthropic, and OpenAI, Alpha-Omega has partnered with the Python Software Foundation to support two critical security-focused roles for the Python ecosystem.
Michael Winser is the co-founder of Alpha-Omega. Seth Larson is the Python Security Developer in Residence.