BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//programme.europython.eu//europython-2024//talk//SHUQ9L
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-europython-2024-SHUQ9L@programme.europython.eu
DTSTART;TZID=CET:20240711T112000
DTEND;TZID=CET:20240711T115000
DESCRIPTION:The Python development landscape thrives on the extensive use o
 f open-source libraries and frameworks. However\, the growing prevalence o
 f attacks targeting OSS underscores the need for robust security measures 
 to consume open source. \n\nIn this talk\, we'll examine how the Secure Su
 pply Chain Consumption Framework (S2C2F) can guide organizations in secure
 ly consuming Python OSS\, utilizing tools such as pip\, artifact managemen
 t\, SBOMs and Dependabot.\n\nThe S2C2F Framework was developed by Microsof
 t and later donated to the Open Source Security Foundation (OpenSSF). It p
 rovides a structured approach to enhancing the security of OSS consumption
 . \n\nWe'll provide an overview of its core principles and maturity levels
  and discuss practical strategies for implementing S2C2F principles within
  Python projects\, including dependency management with pip\, artifact man
 agement\, SBOMs\, signatures\, deny rules\, forking policies and automated
  security updates with Dependabot.\n\nThe S2C2F is a pragmatic approach to
  securing how you consume OSS.\n It emphasizes the fundamental principles 
 of knowing your OSS\, preventing the introduction of vulnerable packages\,
  and maintaining robust patch management.\n\nYou will come away from this 
 talk with practical tips and best practices on how to securely consume ope
 n source in Python.
DTSTAMP:20260513T161549Z
LOCATION:Terrace 2B
SUMMARY:Best practices for securely consuming open source in Python - Ciara
  Carey
URL:https://programme.europython.eu/europython-2024/talk/SHUQ9L/
END:VEVENT
END:VCALENDAR
