Learning from the not-so-secret Python security "cabal"

Track:
Testing, Quality Assurance, Security
Type:
Talk
Level:
beginner
Duration:
30 minutes
Abstract

The CPython runtime is some of the most-used software in the world. Part of maintaining a secure software project like CPython is participating in coordinated vulnerability disclosure (CVD). This process allows security researchers and maintainers of projects to work together to fix vulnerabilities and alert the public, keeping all Python programmers and users safe.

In this talk, attendees will learn how the Python language organizes its security team, how to balance security with open source contribution during coordinated vulnerability disclosure, and the latest in how open source projects can maintain a sustainable vulnerability disclosure program. Attendees who aren't currently contributing to open source projects, but who have an interest in their dependencies being secure, will learn ways they can contribute meaningfully to the security of the open source projects they depend on.