Maintain or Migrate? The Python 2 Migration Conundrum in 202220220128122651

Maintain or Migrate? The Python 2 Migration Conundrum in 2022

Dana CraneLast Updated: March 9, 2022python 2, python 2 eol, Python 2 migration, python 2 support, Python 2 vulnerabilities
Should you maintain your Python 2 codebase or migrate to Python 3? You might not have a choice. Here's why....
5 key open source lessons from the past year20220120132339

5 key open source lessons from the past year

Dana CraneLast Updated: February 7, 2022log4j, open source security, python 2, python 2 eol, SBOM, software supply chain security
Planning for 2022? Here are the key lessons we learned in open source in 2021 that you need to take into account....
The Python 2 Threat in Your Supply Chain Is Real20211215173123

The Python 2 Threat in Your Supply Chain Is Real

Dana CraneLast Updated: December 16, 2021python 2, python 2 eol, python 2 support, Python 2 vulnerabilities, Python supply chain
Python 2 in development and test environments pose an undue risk in the face of escalating supply chain attacks....
PyPI security pitfalls and steps towards a secure Python ecosystem20211209190256

PyPI security pitfalls and steps towards a secure Python ecosystem

Dana CraneLast Updated: December 20, 2021
PyPI is improving Python supply chain security, but gaps still exist. Learn the tools and techniques to avoid Python's security pitfalls....
Managing IoT Security Threats and Vulnerabilities Better20211202132009

Managing IoT Security Threats and Vulnerabilities Better

Dana CraneLast Updated: December 2, 2021Internet of things, IoT, IoT Threats, IoT vulnerabilities, Python APIs, SBOM, Software bill of materials, software supply chain security
Securing IoT devices means securing their network, supply chain, and automating vulnerability remediation. Here's how....
How to work with vulnerable Python packages, and stay secure20211125113952

How to work with vulnerable Python packages, and stay secure

Dana CraneLast Updated: December 15, 2021Automated remediation, Common Vulnerabilities and Exposures, CVE, CVSS, NVD, Python vulnerabilities, vulnerability remediation
Vulnerabilities are a fact of Python developer life. Read this post to learn how to automate vulnerability remediation quickly and easily....
Which Python Dependency Manager Should I Choose?20211104194507

Which Python Dependency Manager Should I Choose?

Dana CraneLast Updated: November 5, 2021activestate platform, Anaconda, conda, dependency hell, dependency management, hatch, pip, pipenv, poetry, Python dependency management
Dependency management is hard. Environment management is harder. Learn how to do both, easier....
How to Avoid Becoming the Next SolarWinds20211028113046

How to Avoid Becoming the Next SolarWinds

Dana CraneLast Updated: October 28, 2021codecov, Google SLSA, Open source supply chain security, secure build service, software supply chain security, solarwinds, Supply chain attacks
Software supply chain attacks have been happening for years, but have only recently achieved mainstream notoriety with the SolarWinds attack in Decemb...
European union’s supply chain security guidelines for software suppliers20211015010933

European union’s supply chain security guidelines for software suppliers

Dana CraneLast Updated: October 15, 2021Google SLSA, MITRE D3FEND, Open source supply chain security, SBOM, software supply chain security, solarwinds, Supply chain attacks, typosquatting
The European Union Agency for CyberSecurity (ENISA) is an agency of the European Union (EU) that helps the EU address cybersecurity through policy and...
Anaconda vs ActiveState: The better partner for a more secure Python supply chain20211001163200

Anaconda vs ActiveState: The better partner for a more secure Python supply chain

Dana CraneLast Updated: October 6, 2021Anaconda, conda, conda forge, dependency confusion, Python ecosystem, python security tools, typosquatting
Python comes in many flavors, offering Pythonistas more than one way to accomplish their tasks. But for developers, the key criteria for making a choi...