The Python Software Foundation (PSF) is happy to announce the launch of a year-long security enhancement initiative that will include a security audit and the creation of a new Security Developer-in-Residence role. Generous funding by the OpenSSF’s Alpha-Omega Project has made this work possible.
Recent supply chain attacks on open source projects and infrastructure have increased awareness of the critical role projects like Python and the Python Package Index (PyPI) play in providing a safe and secure ecosystem for millions of open source users. Historically, the Python Software Foundation has been able to make key security improvements only when dedicated teams of volunteers or its existing infrastructure staff make time, or when it has received occasional grants, as with the introduction of 2FA and other security improvements to PyPI in 2019.
The Security Developer-in-Residence will work full-time during the initiative to formalize existing security practices and become more proactive in Python-related security improvements. The new role will be responsible for addressing security issues across PSF projects such as CPython and PyPI, applying knowledge and expertise, and working with volunteers to implement key improvements in a timely manner. They will also establish new processes and features that make it easier to prevent, detect, and respond to security risks, laying a foundation that makes it easier and more sustainable for the community to identify and address security issues going forward.
The Security Developer-in-Residence job is posted HERE. Please take a look and share with your friends and colleagues.
This role is funded by a substantial investment from the Open Software Security Foundation’s Alpha-Omega Project. The OpenSSF is a non-profit cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices. The OpenSSF brings together open source security initiatives under one foundation to accelerate work through cross-industry support.
The PSF is a non-profit whose mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF supports the Python community using corporate sponsorships, grants, and donations. Are you interested in sponsoring or donating to the PSF so it can continue supporting Python and its community? Check out our sponsorship program, donate directly here, or contact our team!