Webinar - Securing Python and Open Source Ecosystems

Recent attacks targeting major open source repositories such as npm and PyPI have highlighted that the software supply chain is increasingly vulnerable.
These incidents underscore the urgent need for enhanced security protocols and vigilant practices within the open source community, especially considering that 96% of today’s codebases contain some open source software.
In this fireside chat with Dustin Ingram, Fellow at the Python Software Foundation, we discuss the importance of establishing trust and reinforcing security within open source repositories, the proactive steps being taken by these repositories and their dependent organizations, and the broader implications for the open source ecosystem as a whole.
We cover:
- The imperative for enhanced trust and security in light of recent supply chain attacks
- The nature and variety of today’s threats
- Initiatives like Trusted Publishing for PyPI, in collaboration with key partners, aimed at fortifying the publishing process
- The central role played by repositories in the open source ecosystem and maintaining the balance between security and user convenience
- Future directions in securing public repositories, including the integration of software attestations
- Demonstration of securely publishing packages using ActiveState’s Trusted Publisher integration with PyPI
Whether you are concerned about your organization’s use of open source, a seasoned developer, or a community advocate, learn how open source repositories can be secured for everyone.
Presenters:
Dustin Ingram, Fellow, Python Software Foundation
Pete Garcin, Director of Product, ActiveState