2026-07-16 –, S1
The CPython runtime is some of the most-used software in the world. Part of maintaining a secure software project like CPython is participating in coordinated vulnerability disclosure (CVD). This process allows security researchers and maintainers of projects to work together to fix vulnerabilities and alert the public, keeping all Python programmers and users safe.
In this talk attendees will learn about how the Python language organizes its security team, how to balance security and open source contribution in coordinated vulnerability disclosure, and the latest in how open source projects can maintain a sustainable vulnerability disclosure program. Attendees that aren’t currently contributing to open source projects, but have an interest in their dependencies being secure, will learn ways they can contribute meaningfully to the security of open source projects they depend on.
Security Developer-in-Residence at the Python Software Foundation since 2023. Python core developer and PSF Fellow. Maintainer of several open source Python projects including urllib3, Requests, and Truststore. Seth writes about open source, security, Python, and retro video games on his blog.