Maintain or Migrate? The Python 2 Migration Conundrum in 2022
Dana Crane. Last Updated: March 9, 2022. Tags: python 2, python 2 eol, Python 2 migration, python 2 support, Python 2 vulnerabilities
Should you maintain your Python 2 codebase or migrate to Python 3? You might not have a choice. Here's why....
5 key open source lessons from the past year
Dana Crane. Last Updated: February 7, 2022. Tags: log4j, open source security, python 2, python 2 eol, SBOM, software supply chain security
Planning for 2022? Here are the key lessons we learned in open source in 2021 that you need to take into account....
The Python 2 Threat in Your Supply Chain Is Real
Dana Crane. Last Updated: December 16, 2021. Tags: python 2, python 2 eol, python 2 support, Python 2 vulnerabilities, Python supply chain
Python 2 in development and test environments poses an undue risk in the face of escalating supply chain attacks....
PyPI security pitfalls and steps towards a secure Python ecosystem
Dana Crane. Last Updated: December 20, 2021.
PyPI is improving Python supply chain security, but gaps still exist. Learn the tools and techniques to avoid Python's security pitfalls....
Managing IoT Security Threats and Vulnerabilities Better
Dana Crane. Last Updated: December 2, 2021. Tags: Internet of things, IoT, IoT Threats, IoT vulnerabilities, Python APIs, SBOM, Software bill of materials, software supply chain security
Securing IoT devices means securing their network, supply chain, and automating vulnerability remediation. Here's how....
How to work with vulnerable Python packages, and stay secure
Dana Crane. Last Updated: December 15, 2021. Tags: Automated remediation, Common Vulnerabilities and Exposures, CVE, CVSS, NVD, Python vulnerabilities, vulnerability remediation
Vulnerabilities are a fact of Python developer life. Read this post to learn how to automate vulnerability remediation quickly and easily....
Which Python Dependency Manager Should I Choose?
Dana Crane. Last Updated: November 5, 2021. Tags: activestate platform, Anaconda, conda, dependency hell, dependency management, hatch, pip, pipenv, poetry, Python dependency management
Dependency management is hard. Environment management is harder. Learn how to do both, easier....
How to Avoid Becoming the Next SolarWinds
Dana Crane. Last Updated: October 28, 2021. Tags: codecov, Google SLSA, Open source supply chain security, secure build service, software supply chain security, solarwinds, Supply chain attacks
Software supply chain attacks have been happening for years, but have only recently achieved mainstream notoriety with the SolarWinds attack in Decemb...
European Union’s supply chain security guidelines for software suppliers
Dana Crane. Last Updated: October 15, 2021. Tags: Google SLSA, MITRE D3FEND, Open source supply chain security, SBOM, software supply chain security, solarwinds, Supply chain attacks, typosquatting
The European Union Agency for CyberSecurity (ENISA) is an agency of the European Union (EU) that helps the EU address cybersecurity through policy and...
Anaconda vs ActiveState: The better partner for a more secure Python supply chain
Dana Crane. Last Updated: October 6, 2021. Tags: Anaconda, conda, conda forge, dependency confusion, Python ecosystem, python security tools, typosquatting
Python comes in many flavors, offering Pythonistas more than one way to accomplish their tasks. But for developers, the key criteria for making a choi...