1000 results for “pycon”
-
How else are Watering Hole Attacks being mitigated?
- Trusted Reporters / Auto-Quarantine
- More Trusted Publishing providers
- sudo mode and more scoped privileges
- "Staged Releases"
- "Secure Distributions" for CPython
More Trusted Publishing Providers is desired! Warehouse is open source and PRs are welcome.
-
Just presented at EduSummit #PyConUS
"Your slides, but faster:
Building an AI-powered presentation workflow" https://pamelafox.github.io/ai-powered-presentation-workflow/
Tips: Use RevealJS, ASCII mockups, audits, agent skills
-
At current pace, there will be 65 CVEs that affect the #python package ecosystem this year.
This is easily 3x-4x previous years.
One response to this is PEP-811: defining a Python security response team, membership and responsibilities (https://peps.python.org/pep-0811/)
This makes it easier to add more members and spread the load.
One result already in place: a formal vulnerability report response framework, uniting GitHub security policies and docs and the security response team.
-
Another new feature that's started mitigating risk: Dependency cooldowns.
Available in pip 26.1, uv, Dependabot and Renovate, cooldowns set a time period that a package release needs to be live before it is installed. Most attack releases are resolved within 24 hours, so having a cooldown period really helps mitigation.
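As an added example (not code from the talk, and not how pip, uv, Dependabot or Renovate implement the feature): a small resolver that applies the cooldown idea to release metadata shaped like the `releases` mapping of PyPI's JSON API. The release list, its timestamps and the fixed `NOW` are constructed for the demo; `parse_version` is a simplified numeric ordering, not a PEP 440 implementation.

```python
# Added example of a dependency-cooldown selector. Not pip's or uv's code.
# Sample release metadata below is constructed, shaped like the "releases"
# object of PyPI's JSON API (only the two fields this demo needs).
from __future__ import annotations

from datetime import datetime, timedelta, timezone

SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2026-04-01T10:00:00.000000Z", "yanked": False}],
    "1.4.1": [{"upload_time_iso_8601": "2026-05-10T09:30:00.000000Z", "yanked": False}],
    # Yanked after it was reported: must never be selected, however old it is.
    "1.4.2": [{"upload_time_iso_8601": "2026-05-12T01:00:00.000000Z", "yanked": True}],
    # Newest release, only hours old: inside any non-zero cooldown window.
    "1.5.0": [{"upload_time_iso_8601": "2026-05-14T22:15:00.000000Z", "yanked": False}],
}

# Fixed clock so the example is deterministic (an assumption of the demo).
NOW = datetime(2026, 5, 15, 12, 0, tzinfo=timezone.utc)


def parse_version(version: str) -> tuple[int, ...]:
    """Simplified ordering for dotted numeric versions (no pre-release handling)."""
    return tuple(int(part) for part in version.split("."))


def parse_upload_time(stamp: str) -> datetime:
    """PyPI stamps end in 'Z'; turn them into aware UTC datetimes."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def live_since(files: list[dict]) -> datetime | None:
    """A release is 'live' from its earliest non-yanked upload; None if every file is yanked."""
    times = [parse_upload_time(f["upload_time_iso_8601"]) for f in files if not f.get("yanked")]
    return min(times) if times else None


def select_version(releases: dict, cooldown_days: float, now: datetime = NOW) -> tuple[str | None, dict[str, str]]:
    """Return (chosen version or None, {version: reason it was skipped}).

    The chosen version is the newest one whose earliest live upload is at
    least `cooldown_days` old at `now`. Yanked and too-fresh releases are
    skipped with a reason so the caller can log why a newer version was not taken.
    """
    cutoff = now - timedelta(days=cooldown_days)
    skipped: dict[str, str] = {}
    candidates: list[str] = []
    for version, files in releases.items():
        since = live_since(files)
        if since is None:
            skipped[version] = "yanked"
        elif since > cutoff:
            skipped[version] = f"too new: live for {now - since}, cooldown is {cooldown_days} days"
        else:
            candidates.append(version)
    if not candidates:
        return None, skipped
    return max(candidates, key=parse_version), skipped


if __name__ == "__main__":
    for days in (0, 3, 30, 60):
        chosen, skipped = select_version(SAMPLE_RELEASES, days)
        print(f"cooldown={days}d -> install {chosen!r}; skipped {skipped}")
```

With the post's 24-hour figure in mind, a window of one to a few days skips `1.5.0` and lands on `1.4.1`, while a very long window (60 days here) leaves nothing installable at all, so a cooldown has to be paired with a yanked check against fresh index data rather than a cached copy, and it only buys time: a malicious release that nobody reports within the window is still installed once it ages past the cutoff.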
-
Our plane landing at #pyconus. Taken by a pymug member (Nythienzo) on ground!
-
PyPI has also done a second audit! Funded by the Sovereign Tech Agency, and performed by @trailofbits
This was focused on the PyPI software itself, and was completed in 2023.
-
@pamelafox 's prez about slides with agents at #pyconus was compelling as always
-
Starting with "Watering Hole Attacks" -- targeting places people are likely to return to.
Shai-Hulud, LiteLLM, Trivy are all examples.
A common loop is:
"Malicious release" -> "Cryptocoins/ransomware/credentials" -> "Get more accounts" -> repeat
Attacks in one ecosystem can spread, because so many companies ship multi-ecosystem packages.
-
I just finished giving my talk at the #PyConUS education summit, "Vibe teaching: #Python training in the age of AI."
What fun!
I've uploaded the slides: https://speakerdeck.com/reuven/vibe-teaching-python-training-in-the-age-of-ai-pycon-us-2026-education-summit
-
Malware reports are going up and to the right -- in fact we're at 4x year over year (🙃)
The people involved (Mike and Seth) have not 4x'd in response.
So let's talk about some of the attacks we're seeing.
-
"AI is changing everything"
Tools are getting much better at finding bugs and defects, so finding these vulns is cheaper, both time and resources.
Reminder: Attackers just have to be correct once, defenders have to be right all the time.
AI has made this asymmetry worse!
-
I have made it to my first talk at #PyConUS
First up: Python Security with @sethmlarson and @miketheman
-
Good morning #PyConUS! FYI: #pyladies auction donations are due today and you'll need to fill out: https://docs.google.com/forms/d/e/1FAIpQLSciOIX5Omvwn8i41xI9zmBhljcuC6Soz-ryMRLL6RIDdC2yfQ/viewform
And don't forget to come to the auction on Sat night! Dinner will be served and tickets here: https://us.pycon.org/2026/events/pyladies-auction/