February 23-25, 2022
Montreal, Canada

Software supply chain security for Python and others

Modern applications depend on a multitude of Python, Node.js, Rust, or Go packages, which are maintained by strangers and downloaded from public repos. Supply chain can be attacked or fail for other reasons from API breakage to "leftpad", or typo-squatting. In my talk I'll cover techniques and best practices for a stable, secure supply chain as well as insight from a Python security team member and packager for Fedora and CentOS.

View all 157 sessions

Christian Heimes

Red Hat

Christian is a long time Python developer from Hamburg/Germany. In the past he has contributed to several Open Source projects such as the CPython interpreter. In the past years he has helped to keep Python secure, for example as member of the Python security response team, secure hashing (PEP 456) and improvements of Python's TLS/SSL module. Nowadays he is employed by Red Hat and works on OpenShift container security, FreeIPA identity management and Dogtag public key infrastructure.

Read More