06.06.2021       Issue 389 (31.05.2021 - 06.06.2021)       Questions and discussions

Talk Python to Me: #319: Typosquatting and Supply Chains Vulnerabilities



Experimental feature:

Below is the text of the article at the link, so you can quickly judge whether the link is worth reading.

Note that the text at the link and the text shown here may differ.

One of the true superpowers of Python is the libraries over at the Python Package Index. They are all just a "pip install" away. Yet, like all code that you run on your system, it is done with some degree of trust. How do we know that all of those useful packages are trustworthy?

That's the topic of this episode. Bentz Tozer and John Speed Meyers are here to share their research into typosquatting on PyPI and other sneaky deeds. But we also discuss some potential solutions and fixes.


Bentz Tozer is a Vice President in In-Q-Tel’s Cyber Practice, where he identifies and works with startups with the potential for high impact on national security. In previous roles, he has performed security research and software development with a focus on IoT devices and embedded systems. He has a PhD in systems engineering from George Washington University. btozer@iqt.org

John Speed Meyers is an engineer in IQT Labs and a researcher who focuses on software security, especially open source software supply chain security. He holds a PhD in policy analysis from the Pardee RAND Graduate School. He’s ambivalent about computers. jmeyers@iqt.org

Links from the show
