Security Developer-in-Residence Weekly Report #32

Published 2024-03-29 by Seth Larson
Reading time: 2 minutes

This critical role would not be possible without funding from the Alpha-Omega project. Massive thank-you to Alpha-Omega for investing in the security of the Python ecosystem!

Returned from my vacation this week and have gotten things back in order heading into April. This report covers what's happened since the first week of March.

CISA Open Source Summit

I attended the Open Source Security summit hosted by CISA in early March. The event was attended by representatives of many other open source ecosystems. The summit focused on strengthening the security of open source infrastructure like package repositories.

The Principles for Package Repository Security document was a top point of discussion. This document provides a roadmap for package repositories to prioritize security work as discrete projects, and every example in it has prior art in an existing package repository that others can learn from (such as Trusted Publishers for PyPI).

The summit also discussed the resources available to, and the challenges between, the public sector and open source software, and included a tabletop exercise between package repositories, the public sector, and open source maintainers and users.

Google Summer of Code 2024

Google Summer of Code is open now and there are many available ideas for Python including one that I submitted with Dustin Ingram on adopting the OpenSSF Hardened Compiler Options for C/C++ for CPython. The task description is:

Applications are due by April 2nd, 2024 so if you're interested in working on this idea act quickly to prepare your application. I've already received some interest and have been providing some guidance to potential applicants.

Speaking and Tabletop Exercise participant at SOSS Community Day NA

I'm speaking at the OpenSSF SOSS Community Day in Seattle on April 15th. I'm also a participant in the Tabletop Exercise that caps off SOSS Community Day.

Other items

That's all for this week! 👋 If you're interested in more you can read next week's report or last week's report.


This work is licensed under CC BY-SA 4.0