
Python administrator moves to improve software security

by biztrendz

This package volume means the index is under constant threat from malicious actors, with attacks including typosquatting (publishing packages whose names closely resemble legitimate ones) and dependency confusion, as Tom Callaway wrote in a 2023 blog post. “Since Python is modular in nature, most Python applications rely heavily on PyPI to provide the necessary dependencies for core functions rather than reinventing them each time. PyPI is also the primary distribution point for Python applications and libraries.”
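The two attack classes named above, typosquatting and dependency confusion, are both visible in an ordinary requirements file before anything is installed. The following Python script is an added defensive example, not code from the article, from PyPI or from Tom Callaway's post: it normalizes requirement names the way PyPI does, flags names within a small edit distance of a well-known package, and flags internal package names that would be resolved against the public index. The allowlist of known packages, the list of internal names, the index URL and the sample requirements file are all constructed placeholders for illustration.

```python
import re
from dataclasses import dataclass

# Constructed allowlist of well-known PyPI names (hypothetical; a real tool
# would load a much larger list, e.g. the top few thousand downloaded packages).
KNOWN_PACKAGES = {"requests", "numpy", "urllib3", "cryptography", "pyyaml", "django"}

# Constructed list of an organization's private package names (hypothetical).
INTERNAL_PACKAGES = {"acme-billing", "acme-auth"}


@dataclass
class Finding:
    name: str    # requirement name as written in the file
    kind: str    # "possible-typosquat" or "dependency-confusion-risk"
    reason: str  # human-readable explanation


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str):
    """Yield (package_name, index_url_set, extra_index_used) while walking the file."""
    index_url = None
    extra_index = False
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--index-url") or line.startswith("-i "):
            index_url = line.split(None, 1)[1] if " " in line else None
            continue
        if line.startswith("--extra-index-url"):
            extra_index = True
            continue
        if line.startswith("-"):
            continue  # other pip options are not package names
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names, index_url, extra_index


def audit(text: str, known=KNOWN_PACKAGES, internal=INTERNAL_PACKAGES, max_distance=2):
    """Return findings for names that look like typosquats or are exposed to confusion."""
    names, index_url, extra_index = parse_requirements(text)
    known_norm = {normalize(k) for k in known}
    internal_norm = {normalize(k) for k in internal}
    findings = []
    for name in names:
        n = normalize(name)
        if n in internal_norm:
            # pip consults every configured index and takes the highest version, so a
            # private name is at risk unless the file pins a single private --index-url.
            if index_url is None or extra_index:
                findings.append(Finding(name, "dependency-confusion-risk",
                                        "internal package resolvable from the public index"))
            continue
        if n in known_norm:
            continue  # exact match with a well-known package: nothing to flag
        closest = min(known_norm, key=lambda k: levenshtein(n, k))
        d = levenshtein(n, closest)
        if 0 < d <= max_distance:
            findings.append(Finding(name, "possible-typosquat",
                                    f"within edit distance {d} of '{closest}'"))
    return findings


# Constructed sample requirements file for demonstration.
SAMPLE_REQUIREMENTS = """\
# constructed example, not a real project file
--extra-index-url https://pypi.example.internal/simple
requests==2.31.0
reqeusts
python-dateutil>=2.8
acme-billing==1.4.0
cryptografy
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f"{f.kind:26} {f.name:18} {f.reason}")
```

The script flags only three of the six requirements: `reqeusts` and `cryptografy` as likely typosquats and `acme-billing` as exposed to confusion because `--extra-index-url` leaves the public index in play. Replacing that option with a single `--index-url` pointing at the private mirror removes the third finding, which is the mitigation the dependency-confusion pattern calls for.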

The language “is something new programmers are attracted to because it is easy to learn, and this means many developers aren’t necessarily thinking about security,” Ed Woodruff, an offensive security expert, told CSO. “Before the quarantine effort, there wasn’t much emphasis on security, and I am happy to see this project taking the lead.”

How other open-source projects fare against bad actors

Other open-source projects have lower new package volumes or have commercial organizations with the funding and resources to act as hall monitors. Take NPM, the index of Java software maintained by GitHub, as an example of the latter situation. “GitHub is great at screening for malware, and they have some of the best security researchers in the world,” Janet Worthington, a Forrester Research analyst, told CSO.
